Solved: how to bring software back to work after recovery?

February 1, 2013 at 14:49:02
Specs: Windows 7

Hi guys, I need some help.
I want to recover my laptop because of a virus attack. That means it will delete all software and other stuff, but there is just one piece of software I don't want to delete, because I lost my CD and I can't find it again, and it's very expensive. How can I save that software and bring it back to work after recovery? Please, if someone knows how to do it, tell me. Thanks :D (sorry for my English)


#1
February 1, 2013 at 14:53:37

"but I don't want to delete just one software"
What is the exact name of that software please?


#2
February 1, 2013 at 14:54:34

Do you have the Windows 7 CD?


#3
February 1, 2013 at 14:56:46

If you do a recovery (I assume you mean using the manufacturer's recovery partition?), you will lose everything you have installed & the laptop will be returned to the condition it was in the day you bought it. Why don't you just remove the virus instead?


#4
February 1, 2013 at 14:59:00

It's a business program, you can't find it on the internet. It's called Drpimapen.


#5
February 1, 2013 at 15:01:19

Yes, I know I will lose everything. My laptop has been attacked by malware and a worm, and I can't delete them.


#6
February 1, 2013 at 15:01:55

No, I don't have it. I want to return to factory condition.


#7
February 1, 2013 at 15:05:31

"it's called Drpimapen"
Ok, I was hoping that I may have been able to offer another program.


#8
February 1, 2013 at 15:07:47

ok :( thanks anyway


#9
February 1, 2013 at 15:11:36

"no, I don't have it, I want to return to factory condition"
The problem with malware infections is that they may require you to delete ALL partitions. If you do that or return to factory condition, you will lose Drpimapen.

Do you want me to guide you through removing the Malware?

If so, post the logs of what you have tried.



#10
February 1, 2013 at 15:20:31

OK then. I'm not a professional with PCs. I have scanned my PC with the antivirus Microsoft Security Essentials, but it's not detecting anything. My PC is still very slow and it has a very slow connection.


#11
February 1, 2013 at 15:26:46

"I have scanned my PC with the antivirus Microsoft Security Essentials"
Ok, that is what I use, but once you have been conned, we have to use specialized programs.

Malware Prevention
http://www.malwarevault.com/index.html
"There is no magic involved. The majority of malware is installed by the user themselves"



#12
February 1, 2013 at 15:28:40
✔ Best Answer

1: Run Hitman Pro, then Copy & Paste the log please.
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://www.surfright.nl/en/HitmanPro
http://www.surfright.nl/en/hitmanpro/
Unlimited free scanning and free 30-day version to remove detected malware.
Download now (32-bit)
http://dl.surfright.nl/HitmanPro35.exe
Download now (64-bit)
http://dl.surfright.nl/HitmanPro35_...
Review
http://www.youtube.com/watch?v=WmPQ...


#13
February 1, 2013 at 15:30:36

Restoring an installed application without the install media is so difficult that few experts would even attempt it. If you have a legal copy of the software the supplier may be able to supply replacement install media.


#14
February 1, 2013 at 15:31:28

I will try right now, thank you very much.


#15
February 1, 2013 at 15:33:21

That means it's impossible for me :( OK then, thanks :D


#16
February 1, 2013 at 15:34:29

Johnw

You might wish to update your link in #11 - it's changed.



#17
February 1, 2013 at 15:36:12

albo
What time zone/city are you in please?


#18
February 1, 2013 at 15:38:31

Thanks Derek, I rely on others to help me.


#19
February 1, 2013 at 15:40:54

johnw, if you're talking to me... I live in Kosovo, it's near Albania and near Serbia. The time right now is 12:40 AM.


#20
February 1, 2013 at 15:45:06

Thanks albo, brrrrrr, let me know when you want to go to bed.

http://www.timeanddate.com/worldclo...

My time zone.
http://www.timeanddate.com/worldclo...



#21
February 1, 2013 at 15:47:08

Hahaha :D you found it. I will go when I finish this. I downloaded Hitman; now it's classifying, and it found something.


#22
February 1, 2013 at 15:51:06

Now I see your time zone, I love Australia :D
The scan has finished.
Hitman found 6 threats (traces 436), and now it says removal results.


#23
February 1, 2013 at 16:15:17

"the scan has finished"
Copy & Paste the log please. We are not finished yet.

Hitman Pro log file location
http://is.gd/hOJwkj
http://forums.majorgeeks.com/showth...



#24
February 1, 2013 at 16:21:12

Really? OK, I am doing this right now.


#25
February 1, 2013 at 16:29:23

It's finished, but now it doesn't find anything. The first time it found 6, but now they are in history. Have I done something wrong??


#26
February 1, 2013 at 16:32:18

"have I done something wrong??"
Probably. Read the link I gave you, or look in Google.


#27
February 1, 2013 at 16:35:42

I have done everything as it says in that forum. In history there are 6 items:
5 are deleted and 1 is quarantined.


#28
February 1, 2013 at 16:49:06

"5 are deleted and 1 is quarantined"
I want to see what those are. Copy & paste that info please.


#29
February 1, 2013 at 17:03:49

I just ran Hitman; the screenshot (SS) below shows where the logs are.

Copy & paste the contents of the logs please.

http://i.imgur.com/JKdgqFT.gif



#30
February 2, 2013 at 00:29:17

I found that and copied them, but where do I need to paste them?
And do I need to copy all the text?


#31
February 2, 2013 at 00:39:57

"but where do I need to paste them"
Right here.

"and do I need to copy all the text?"
Same as post #12 here. In other words I want to see everything the Hitman log shows.
http://www.computing.net/answers/se...



#32
February 2, 2013 at 02:20:20

This is everything it says in that log.

Part one:

[code]
HitmanPro 3.7.1.186
www.hitmanpro.com

Computer name . . . . : ALBANBERISHA-PC
Windows . . . . . . . : 6.1.0.7600.X64/2
User name . . . . . . : Albanberisha-PC\Alban berisha
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (29 days left)

Scan date . . . . . . : 2013-02-02 00:42:53
Scan mode . . . . . . : Normal
Scan duration . . . . : 5m 58s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 6
Traces . . . . . . . : 436

Objects scanned . . . : 1,813,881
Files scanned . . . . : 37,187
Remnants scanned . . : 546,840 files / 1,229,854 keys

Malware _____________________________________________________________________

C:\Users\Alban berisha\Desktop\cs cheats\[cheat-project.com] ESW B1008 2010-10-13\ESW_B1008\ESW_B1008\ESW B1008.exe -> Quarantined
Size . . . . . . . : 167,424 bytes
Age . . . . . . . : 475.5 days (2011-10-15 12:13:45)
Entropy . . . . . : 7.8
SHA-256 . . . . . : 750595D0E0A8CB7B9AE18526FA4A75DC3D17B956632C16DC9B2354E9D83CF4A4
> Ikarus . . . . . . : Trojan.Win32.Agent!IK
Fuzzy . . . . . . : 114.0

C:\Windows\SysWOW64\.exe -> Deleted
Size . . . . . . . : 53,723 bytes
Age . . . . . . . : 669.4 days (2011-04-04 14:24:50)
Entropy . . . . . : 7.0
SHA-256 . . . . . : BD0B3AF2BE37EC1D9445F030A1346305D7C0560598BC94C14181D90E95AB7A96
Needs elevation . : Yes
> a-Squared . . . . : Trojan-Clicker.Win32.NSIS.j!A2
> G Data . . . . . . : Application.Generic.358118 (Engine-A)
Fuzzy . . . . . . : 108.0



#33
February 2, 2013 at 02:21:08

Suspicious files ____________________________________________________________

C:\Users\Alban berisha\AppData\Local\PunkBuster\BFP4F\pb\dll\wc002304.dll
Size . . . . . . . : 954,496 bytes
Age . . . . . . . : 61.5 days (2012-12-02 11:45:09)
Entropy . . . . . : 7.6
SHA-256 . . . . . : EEBDAC091729B0B80A21E14B2CE0392E4584205BA06F5ED1B846C51D034A2177
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\Alban berisha\AppData\Local\PunkBuster\BFP4F\pb\pbcl.dll
Size . . . . . . . : 954,496 bytes
Age . . . . . . . : 60.2 days (2012-12-03 19:31:12)
Entropy . . . . . : 7.6
SHA-256 . . . . . : EEBDAC091729B0B80A21E14B2CE0392E4584205BA06F5ED1B846C51D034A2177
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\Alban berisha\AppData\Local\PunkBuster\BFP4F\pb\pbclold.dll
Size . . . . . . . : 954,496 bytes
Age . . . . . . . : 61.5 days (2012-12-02 11:38:40)
Entropy . . . . . : 7.6
SHA-256 . . . . . : EEBDAC091729B0B80A21E14B2CE0392E4584205BA06F5ED1B846C51D034A2177
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\Alban berisha\AppData\Local\PunkBuster\BFP4F\pb\PnkBstrK.sys
Size . . . . . . . : 139,424 bytes
Age . . . . . . . : 61.5 days (2012-12-02 11:41:08)
Entropy . . . . . : 7.8
SHA-256 . . . . . : 2A97BC40220EE7B5383991EDB238A70B2D6A7881E54E465999E2EADD6A396029
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.

C:\Users\Alban berisha\AppData\Local\PunkBuster\BLR\pb\dll\wc002293.dll
Size . . . . . . . : 949,190 bytes
Age . . . . . . . : 136.5 days (2012-09-18 13:28:23)
Entropy . . . . . : 7.6
SHA-256 . . . . . : DAF43E93528BEEECC015FA98D6EE6D6FD6D19A049321E47A65665144E4511F41
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\Alban berisha\AppData\Local\PunkBuster\BLR\pb\pbcl.dll
Size . . . . . . . : 949,190 bytes
Age . . . . . . . : 136.5 days (2012-09-18 13:28:23)
Entropy . . . . . : 7.6
SHA-256 . . . . . : DAF43E93528BEEECC015FA98D6EE6D6FD6D19A049321E47A65665144E4511F41
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\Alban berisha\AppData\Local\PunkBuster\BLR\pb\pbclold.dll
Size . . . . . . . : 963,613 bytes
Age . . . . . . . : 139.3 days (2012-09-15 16:26:00)
Entropy . . . . . : 7.6
SHA-256 . . . . . : E7EB0F070DDDBDC1793677B6EF811338CDCEC5AE744A032C223DD1763D97A56B
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\Alban berisha\AppData\Local\PunkBuster\BLR\pb\PnkBstrK.sys
Size . . . . . . . : 140,480 bytes
Age . . . . . . . : 139.3 days (2012-09-15 16:26:15)
Entropy . . . . . : 7.7
SHA-256 . . . . . : 64063C820C5972BBD6E524C68065570BF54D85FA0FFE0BD063B6954298F7D015
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.

C:\Users\Alban berisha\AppData\Local\PunkBuster\COD4\pb\pbcl.dll
Size . . . . . . . : 956,558 bytes
Age . . . . . . . : 732.7 days (2011-01-31 08:20:52)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 567AB086A18F5447AB036192A40837C4FB9679BDB54BE2DCF99F90F4BA83BCC9
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\Alban berisha\AppData\Local\PunkBuster\COD4\pb\pbcls.dll
Size . . . . . . . : 956,558 bytes
Age . . . . . . . : 732.7 days (2011-01-31 08:20:52)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 567AB086A18F5447AB036192A40837C4FB9679BDB54BE2DCF99F90F4BA83BCC9
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\Alban berisha\AppData\Local\PunkBuster\COD4\pb\PnkBstrK.sys
Size . . . . . . . : 138,160 bytes
Age . . . . . . . : 732.7 days (2011-01-31 08:22:53)
Entropy . . . . . : 7.8
SHA-256 . . . . . : 171C32702C73ECD6EAD6A120C5E0BCE649444BE4068C4ECA4C548644DF151A5E
RSA Key Size . . . : 1024
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.

C:\Users\Alban berisha\AppData\Local\PunkBuster\HEROES\pb\pbcl.dll
Size . . . . . . . : 947,283 bytes
Age . . . . . . . : 96.3 days (2012-10-28 18:33:48)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 26898E20DB3E20E2986684F1726D3421B0EA9D381F4BD56D6370AAE63973F5B8
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\Alban berisha\AppData\Local\PunkBuster\HEROES\pb\PnkBstrK.sys
Size . . . . . . . : 139,080 bytes
Age . . . . . . . : 96.3 days (2012-10-28 18:34:58)
Entropy . . . . . : 7.8
SHA-256 . . . . . : FAE59652245B6F30D2B5173E1EBC7079F8BBB1CBAC168BBF151AE81879F26AB7
RSA Key Size . . . : 1024
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.

C:\Users\Alban berisha\AppData\Local\PunkBuster\UNCO\pb\pbcl.dll
Size . . . . . . . : 833,236 bytes
Age . . . . . . . : 747.1 days (2011-01-16 22:24:15)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 224E58B68FE38C7B9DE702D8E970158B3DB6B0CAE3429B4903DAFC68AE60C83C
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\Alban berisha\Desktop\cs cheats\super_cheats\super_cheats\test.dll
Size . . . . . . . : 54,784 bytes
Age . . . . . . . : 475.4 days (2011-10-15 16:02:34)
Entropy . . . . . : 7.9
SHA-256 . . . . . : B06937D8FC757BE1194ECF71BB138F1A7263AAFA0056526D04AA10B8AE3C0FB2
Fuzzy . . . . . . : 22.0
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
The Entry Point of this file lies in a resource section. This is an indication of malware infection.
The .rsrc (resources) section in this program is set to executable. This is an indication of malware infection.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.



#34
February 2, 2013 at 02:22:43

Malware remnants ____________________________________________________________

C:\Program Files (x86)\FileSubmit\ (Adware.NewDotNet) -> Deleted
C:\Program Files (x86)\FileSubmit\184268\ (Adware.NewDotNet) -> Deleted
C:\Program Files (x86)\FileSubmit\184268\184268.zip (Adware.NewDotNet) -> Deleted
C:\Program Files (x86)\FileSubmit\184268\internal-flame-ws.zip (Adware.NewDotNet) -> Deleted

Potential Unwanted Programs _________________________________________________

C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml (Babylon)
C:\Users\Alban berisha\AppData\Local\Babylon\ (Babylon)
C:\Users\Alban berisha\AppData\Local\Babylon\Setup\ (Babylon)
C:\Users\Alban berisha\AppData\Local\Babylon\Setup\bab033.tbinst.dat (Babylon)
C:\Users\Alban berisha\AppData\Local\Babylon\Setup\bab091.norecovericon.dat (Babylon)
C:\Users\Alban berisha\AppData\Local\Babylon\Setup\Babylon.dat (Babylon)
C:\Users\Alban berisha\AppData\Local\Babylon\Setup\BabylonTBUpdater.dll (Babylon)
Size . . . . . . . : 240,128 bytes
Age . . . . . . . : 529.2 days (2011-08-22 19:38:35)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 49F941EBD9DBB6D50E85005B190C4111C0FFDF4814F20EC4C23D157CE0031663
Fuzzy . . . . . . : 6.0

C:\Users\Alban berisha\AppData\Local\Babylon\Setup\BabylonTBUpdater.exe (Babylon)
Size . . . . . . . : 2,660 bytes
Age . . . . . . . : 529.2 days (2011-08-22 19:38:35)
Entropy . . . . . : 3.9
SHA-256 . . . . . : CD41D578A8651BD4C1E55B77B8E389DDCEA83FB131E7860D9193D8C404E151B3
Fuzzy . . . . . . : 6.0

C:\Users\Alban berisha\AppData\Local\Babylon\Setup\BExternal.dll (Babylon)
Size . . . . . . . : 130,048 bytes
Age . . . . . . . : 355.6 days (2012-02-12 09:49:32)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 6052B6BCCBE5354BD46F4AC69F2EF9D62E39F0D0B5A00A2D8C85A1197486B498
Fuzzy . . . . . . : 6.0

C:\Users\Alban berisha\AppData\Local\Babylon\Setup\HtmlScreens\ (Babylon)
C:\Users\Alban berisha\AppData\Local\Babylon\Setup\HtmlScreens\cmbx.png (Babylon)
C:\Users\Alban berisha\AppData\Local\Babylon\Setup\HtmlScreens\common.js (Babylon)
C:\Users\Alban berisha\AppData\Local\Babylon\Setup\HtmlScreens\eula.html (Babylon)
C:\Users\Alban berisha\AppData\Local\Babylon\Setup\HtmlScreens\lngs.png (Babylon)
C:\Users\Alban berisha\AppData\Local\Babylon\Setup\HtmlScreens\page1.css (Babylon)
C:\Users\Alban berisha\AppData\Local\Babylon\Setup\HtmlScreens\page1.html (Babylon)
C:\Users\Alban berisha\AppData\Local\Babylon\Setup\HtmlScreens\page1.js (Babylon)
C:\Users\Alban berisha\AppData\Local\Babylon\Setup\HtmlScreens\page1Lrg.css (Babylon)
C:\Users\Alban berisha\AppData\Local\Babylon\Setup\HtmlScreens\page2.css (Babylon)
C:\Users\Alban berisha\AppData\Local\Babylon\Setup\HtmlScreens\page2.html (Babylon)
C:\Users\Alban berisha\AppData\Local\Babylon\Setup\HtmlScreens\page2.js (Babylon)
C:\Users\Alban berisha\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css (Babylon)
C:\Users\Alban berisha\AppData\Local\Babylon\Setup\HtmlScreens\page9.html (Babylon)
C:\Users\Alban berisha\AppData\Local\Babylon\Setup\HtmlScreens\pBar.gif (Babylon)
C:\Users\Alban berisha\AppData\Local\Babylon\Setup\HtmlScreens\title1.png (Babylon)
C:\Users\Alban berisha\AppData\Local\Babylon\Setup\HtmlScreens\title2.png (Babylon)
C:\Users\Alban berisha\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg (Babylon)
C:\Users\Alban berisha\AppData\Local\Babylon\Setup\HtmlScreens\vIcn.png (Babylon)
C:\Users\Alban berisha\AppData\Local\Babylon\Setup\Setup-tbmntr-9.0.3.9.zpb (Babylon)
C:\Users\Alban berisha\AppData\Local\Babylon\Setup\Setup-tbmntr903-9.0.3.19.zpb (Babylon)
C:\Users\Alban berisha\AppData\Local\Babylon\Setup\Setup-tbmntr903-9.0.3.35.zpb (Babylon)
C:\Users\Alban berisha\AppData\Local\Babylon\Setup\Setup.exe (Babylon)
Size . . . . . . . : 1,803,376 bytes
Age . . . . . . . : 529.2 days (2011-08-22 19:38:35)
Entropy . . . . . : 5.8
SHA-256 . . . . . : A1A97E5C13A8E39EC8B5A9FFD7C5CFF11749B1B203CE6F7095FEC28D01B4798E
Product . . . . . : Setup Module
Publisher . . . . : Babylon Ltd.
Description . . . : Setup Application
Version . . . . . : 9.0.3.19
Copyright . . . . : Copyright © Babylon Ltd. 1997-2011
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -7.0

C:\Users\Alban berisha\AppData\Local\Babylon\Setup\SetupStrings.dat (Babylon)
C:\Users\Alban berisha\AppData\Local\funmoods.crx (Funmoods)
C:\Users\Alban berisha\AppData\LocalLow\Funmoods\ (Funmoods)
C:\Users\Alban berisha\AppData\LocalLow\Funmoods\Funmoods\us\20101003\ (Funmoods)
C:\Users\Alban berisha\AppData\LocalLow\Funmoods\Funmoods\us\20101003\kywrds.tat (Funmoods)
C:\Users\Alban berisha\AppData\LocalLow\Funmoods\Funmoods\us\20101003\kywrds.ttr (Funmoods)
C:\Users\Alban berisha\AppData\Roaming\Babylon\ (Babylon)
C:\Users\Alban berisha\AppData\Roaming\Babylon\log_file.txt (Babylon)
C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\extensions\ffxtlbr@babylon.com\ (Babylon)
C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\extensions\ffxtlbr@babylon.com\chrome.manifest (Babylon)
C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\extensions\ffxtlbr@babylon.com\components\ (Babylon)
C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\extensions\ffxtlbr@babylon.com\components\acplus-autocomplete.js (Babylon)
C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll (Babylon)
Size . . . . . . . : 474,112 bytes
Age . . . . . . . : 529.2 days (2011-08-22 19:39:03)
Entropy . . . . . : 5.8
SHA-256 . . . . . : E8A0D120B2D590940629623CC0227D1F7760DA8D6D95075A20A537AE63B4B40E
Product . . . . . : Babylon Toolbar
Publisher . . . . : Babylon Ltd.
Description
Version . . . . . : 1.4.31.0
Copyright . . . . : (c) Babylon Ltd. All rights reserved.
Fuzzy . . . . . . : 0.0

C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\extensions\ffxtlbr@babylon.com\components\FFHst.xpt (Babylon)
C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\extensions\ffxtlbr@babylon.com\content\ (Babylon)
C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\extensions\ffxtlbr@babylon.com\content\babylon.css (Babylon)
C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\extensions\ffxtlbr@babylon.com\content\babylon.xul (Babylon)
C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\extensions\ffxtlbr@babylon.com\content\bbylnDef.js (Babylon)
C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\extensions\ffxtlbr@babylon.com\content\btnInf.js (Babylon)
C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\extensions\ffxtlbr@babylon.com\content\imgs\ (Babylon)
C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\extensions\ffxtlbr@babylon.com\content\imgs\09.png (Babylon)
C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\extensions\ffxtlbr@babylon.com\content\imgs\arwDwn.gif (Babylon)
C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\extensions\ffxtlbr@babylon.com\content\imgs\bbyln.png (Babylon)
C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\extensions\ffxtlbr@babylon.com\content\imgs\buy.gif (Babylon)
C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ (Babylon)
C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ae.png (Babylon)
C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\bg.png (Babylon)
C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ch.png (Babylon)
C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cn.png (Babylon)
C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cz.png (Babylon)
C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\de.png (Babylon)
C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\eg.png (Babylon)
C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\en.png (Babylon)



#35
February 2, 2013 at 02:23:19

C:\Users\Alban berisha\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru
C:\Users\Alban berisha\AppData\Local\Google\Chrome\User Data\Default\Cookies:yieldmanager.net
C:\Users\Alban berisha\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com
C:\Users\Alban berisha\AppData\Roaming\Microsoft\Windows\Cookies\1PLCI2VV.txt
C:\Users\Alban berisha\AppData\Roaming\Microsoft\Windows\Cookies\1TT7HMTP.txt
C:\Users\Alban berisha\AppData\Roaming\Microsoft\Windows\Cookies\2221N30G.txt
C:\Users\Alban berisha\AppData\Roaming\Microsoft\Windows\Cookies\402FAC21.txt
C:\Users\Alban berisha\AppData\Roaming\Microsoft\Windows\Cookies\5P3AKQJ0.txt
C:\Users\Alban berisha\AppData\Roaming\Microsoft\Windows\Cookies\A77VE3EL.txt
C:\Users\Alban berisha\AppData\Roaming\Microsoft\Windows\Cookies\C5TSI87O.txt
C:\Users\Alban berisha\AppData\Roaming\Microsoft\Windows\Cookies\C84W2NR1.txt
C:\Users\Alban berisha\AppData\Roaming\Microsoft\Windows\Cookies\DFN4C0B8.txt
C:\Users\Alban berisha\AppData\Roaming\Microsoft\Windows\Cookies\K8BIH4VQ.txt
C:\Users\Alban berisha\AppData\Roaming\Microsoft\Windows\Cookies\N0DH31OZ.txt
C:\Users\Alban berisha\AppData\Roaming\Microsoft\Windows\Cookies\NAIATWOH.txt
C:\Users\Alban berisha\AppData\Roaming\Microsoft\Windows\Cookies\U53V0CDV.txt
C:\Users\Alban berisha\AppData\Roaming\Microsoft\Windows\Cookies\ULQXFVSB.txt
C:\Users\Alban berisha\AppData\Roaming\Microsoft\Windows\Cookies\USU9JFZ1.txt
C:\Users\Alban berisha\AppData\Roaming\Microsoft\Windows\Cookies\VTCUAEP1.txt
C:\Users\Alban berisha\AppData\Roaming\Microsoft\Windows\Cookies\XT5F6Y97.txt
C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\cookies.sqlite:ad.yieldmanager.com
C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\cookies.sqlite:doubleclick.net


[/code]



#36
February 2, 2013 at 02:24:15

this is all, there is nothing more. Is this the text that you wanted to see?


#37
February 2, 2013 at 02:31:04

I have to go out soon, MrGoodguy will be looking after you.


#38
February 2, 2013 at 02:34:23

ok thanks for all Johnw


#39
February 2, 2013 at 03:03:46

Hi albo,
Download AdwCleaner from this link:
http://www.bleepingcomputer.com/dow...
AdwCleaner Usage Instructions:
Using AdwCleaner is very simple. Simply download the program and run it. You will then be presented with a screen that contains a Search and Delete button. The Search button will cause AdwCleaner to search your computer for unwanted programs and then display a log showing the various files, folders, and registry entries used by these programs.
To delete these unwanted programs simply click on the Delete button, which will cause AdwCleaner to reboot your computer and remove the files and registry entries associated with the various adware that you are removing. On reboot, AdwCleaner will display a log showing the files, folders, and registry entries that were removed.
Please include the log in your next reply.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#40
February 2, 2013 at 05:09:08

hi MrGoodGuy
thanks for this helpful information. I have downloaded AdwCleaner and I have done everything you said. When it finished, it rebooted my PC, and after rebooting, a text document opened automatically showing the deleted files, folders, and other things. I think it's much better now. Do I need to do something else or is this all? Thanks again to all of you guys.


#41
February 2, 2013 at 07:00:04

It appears you have several Trojans not to mention a bunch of crapware installed, try this: http://www.simplysup.com/

And this: http://www.filehippo.com/download_m...

And I suggest you uninstall Chrome & stick to Firefox.



#42
February 2, 2013 at 08:15:19

Hi albo, back again. You haven't done this as requested by MrGoodGuy, who is in New Zealand. They are 12 hours ahead of you, so he will be available before me. I'm off to bed now.

Post #39
"Please include the log in your next reply"



#43
February 2, 2013 at 10:08:28

Post #39
"Please include the log in your next reply"


#44
February 2, 2013 at 10:42:07

The first time I used AdwCleaner, it found a lot of things and deleted them all, and when I tried a second time this is the log:

Log for second time

# AdwCleaner v2.109 - Logfile created 02/02/2013 at 19:35:20
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Alban berisha - ALBANBERISHA-PC
# Boot Mode : Normal
# Running from : C:\Users\Alban berisha\Documents\albo\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v11.0 (en-US)

File : C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Alban berisha\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [51412 octets] - [02/02/2013 13:57:44]
AdwCleaner[R2].txt - [1090 octets] - [02/02/2013 19:33:17]
AdwCleaner[R3].txt - [961 octets] - [02/02/2013 19:35:20]
AdwCleaner[S1].txt - [51789 octets] - [02/02/2013 13:58:38]

########## EOF - C:\AdwCleaner[R3].txt - [1081 octets] ##########



#45
February 2, 2013 at 10:52:24

Can you try looking in C:/ for the first AdwCleaner log please, if it's not on your desktop?

We will have to run Junkware Removal Tool (JRT) also. Turn off your Antivirus realtime protection.
http://www.bleepingcomputer.com/dow...

Then run HijackThis please, just to see a basic overview of what's on your PC.
http://www.bleepingcomputer.com/dow...
Run, Scan and Save log only; do not fix anything yet please.


#46
February 2, 2013 at 11:42:58

I found the logs, here they are, but deleted
part one


# AdwCleaner v2.109 - Logfile created 02/02/2013 at 13:58:38
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Alban berisha - ALBANBERISHA-PC
# Boot Mode : Normal
# Running from : C:\Users\Alban berisha\Documents\albo\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Alban berisha\AppData\Local\funmoods.crx
File Deleted : C:\Users\Alban berisha\AppData\Local\funmoods-speeddial.crx
File Deleted : C:\Users\Alban berisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Deleted : C:\Users\Alban berisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\searchplugins\search.xml
File Deleted : C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\searchplugins\SearchquWebSearch.xml
File Deleted : C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\searchplugins\Startsear.xml
File Deleted : C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\searchplugins\web-search.xml
Folder Deleted : C:\Program Files (x86)\1ClickDownload
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\Program Files (x86)\vShare.tv plugin
Folder Deleted : C:\Program Files (x86)\Vuze_Remote
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BabylonUpdater
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Filesubmit
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\Alban berisha\AppData\Local\APN
Folder Deleted : C:\Users\Alban berisha\AppData\Local\Babylon
Folder Deleted : C:\Users\Alban berisha\AppData\Local\Conduit
Folder Deleted : C:\Users\Alban berisha\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Alban berisha\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Alban berisha\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Alban berisha\AppData\LocalLow\Funmoods
Folder Deleted : C:\Users\Alban berisha\AppData\LocalLow\SearchquTB
Folder Deleted : C:\Users\Alban berisha\AppData\LocalLow\Vuze_Remote
Folder Deleted : C:\Users\Alban berisha\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Alban berisha\AppData\Roaming\Media Finder
Folder Deleted : C:\Users\Alban berisha\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Deleted : C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\ConduitCommon
Folder Deleted : C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\CT2504091
Folder Deleted : C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
Folder Deleted : C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\extensions\ffxtlbr@funmoods.com
Folder Deleted : C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\extensions\OneClickDownload@OneClickDownload.com
Folder Deleted : C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\extensions\staged
Folder Deleted : C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\SearchquTB
Folder Deleted : C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\Smartbar

***** [Registry] *****

Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WIE833~1\Datamngr\x64\datamngr.dll
Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WIE833~1\Datamngr\x64\IEBHO.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WIE833~1\Datamngr\datamngr.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WIE833~1\Datamngr\IEBHO.dll
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutb
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\GamePlayLabs
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\incredibar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\f
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher
Key Deleted : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher.1
Key Deleted : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO
Key Deleted : HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2765711
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\Software\SearchquMediabarTb
Key Deleted : HKLM\Software\Vuze_Remote
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7FF99715-3016-4381-84CE-E4E4C9673020}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]



#47
February 2, 2013 at 11:43:34

part 2

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutC0CyByDtDzztBtCtB0DzyyCyEtB0F0CtN0D0Tzu0CtBtCtAtN1L2XzutBtFtCtFtDtFtAtDtC&cr=831037193 --> hxxp://www.google.com
Deleted : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutC0CyByDtDzztBtCtB0DzyyCyEtB0F0CtN0D0Tzu0CtBtCtAtN1L2XzutBtFtCtFtDtFtAtDtC&cr=831037193 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutC0CyByDtDzztBtCtB0DzyyCyEtB0F0CtN0D0Tzu0CtBtCtAtN1L2XzutBtFtCtFtDtFtAtDtC&cr=831037193 --> hxxp://www.google.com

-\\ Mozilla Firefox v11.0 (en-US)

File : C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\prefs.js

C:\Users\Alban berisha\AppData\Roaming\Mozilla\Firefox\Profiles\ft5s9j04.default\user.js ... Deleted !

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Alban berisha\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [51412 octets] - [02/02/2013 13:57:44]
AdwCleaner[S1].txt - [51710 octets] - [02/02/2013 13:58:38]

########## EOF - C:\AdwCleaner[S1].txt - [51771 octets] ##########



#48
February 2, 2013 at 11:44:27

And now I will try to download those programs that you mentioned.


#49
February 2, 2013 at 11:46:49

Thanks for the log. Please continue with the other two tools please.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#50
February 2, 2013 at 11:54:29

Yes, no problem. Now I am using Junkware Removal Tool, and when this is finished I will use HijackThis.


#51
February 2, 2013 at 11:59:23

The Junkware Removal Tool is finished, and this is the log from this program:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.5.8 (01.31.2013:1)
OS: Windows 7 Home Premium x64
Ran by Alban berisha on Sat 02/02/2013 at 20:46:36.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{f0381dbd-e018-4e07-ae40-d96ab15083f0}
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\bho.dll

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.1049.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.1049.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Alban berisha\AppData\Roaming\drivercure"

~~~ FireFox

Successfully deleted the following from C:\Users\Alban berisha\AppData\Roaming\mozilla\firefox\profiles\ft5s9j04.default\prefs.js

user_pref("extension.WeatherBug.DefaultTab", "0");

~~~ Chrome

Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\afbcibndhffhhbokgpbpecjmejjcgcej
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\afbcibndhffhhbokgpbpecjmejjcgcej

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/02/2013 at 20:56:23.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#52
February 2, 2013 at 12:01:13

And this is from the HijackThis log.
I clicked do a system scan only and save a logfile.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:58:39 PM, on 2/2/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: UnfriendApp - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\UnfriendApp\IE\common.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Alban berisha\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_9383341AC9D173E033CEEFED459DADB6] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{02D34ACA-5D0F-4168-AB6D-C58F7379151A}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{640BA023-EF3A-4A7D-AE53-CCE0D3197F16}: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{02D34ACA-5D0F-4168-AB6D-C58F7379151A}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{02D34ACA-5D0F-4168-AB6D-C58F7379151A}: NameServer = 4.2.2.1,4.2.2.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14290 bytes



#53
February 2, 2013 at 12:05:53

You're doing great, that was a lot of crapware that was removed :)
Download, run, update and quickscan with Malwarebytes free, while I go over your logs please :)
http://www.malwarebytes.org/

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#54
February 2, 2013 at 12:20:56

I have used this software before, look at post #41. Do you want the first log, or do you want the second log I've done right now??


#55
February 2, 2013 at 12:26:26

To delete with HJT run it again and check mark the following for removal please.

O2 - BHO: UnfriendApp - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\UnfriendApp\IE\common.dll

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume


Ok there was nothing too nasty in the HJT log, but these four Tcpip look out of place. If you did not add them or know nothing of them we will remove them?
O17 - HKLM\System\CCS\Services\Tcpip\..\{02D34ACA-5D0F-4168-AB6D-C58F7379151A}: NameServer = 4.2.2.1,4.2.2.2

O17 - HKLM\System\CCS\Services\Tcpip\..\{640BA023-EF3A-4A7D-AE53-CCE0D3197F16}: NameServer = 8.8.8.8

O17 - HKLM\System\CS1\Services\Tcpip\..\{02D34ACA-5D0F-4168-AB6D-C58F7379151A}: NameServer = 4.2.2.1,4.2.2.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{02D34ACA-5D0F-4168-AB6D-C58F7379151A}: NameServer = 4.2.2.1,4.2.2.2

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?


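The check post #55 asks for ("if you did not add them or know nothing of them"), as an added example that is not part of the original thread: it parses the O17 lines from the HijackThis log above, collapses the copies that repeat across control sets (CCS, CS1, CS2), and marks every name server the user has not confirmed. The `known_resolvers` argument and the choice of `8.8.8.8` as the confirmed address are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# O17 lines (plus one O4 line as noise) copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{02D34ACA-5D0F-4168-AB6D-C58F7379151A}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{640BA023-EF3A-4A7D-AE53-CCE0D3197F16}: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{02D34ACA-5D0F-4168-AB6D-C58F7379151A}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{02D34ACA-5D0F-4168-AB6D-C58F7379151A}: NameServer = 4.2.2.1,4.2.2.2
"""

# Shape of an O17 line as it appears in the log above:
# O17 - HKLM\System\<control set>\Services\Tcpip\..\{adapter GUID}: <setting> = <value>
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<control_set>[^\\]+)\\Services\\Tcpip\\\.\.\\"
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\}): (?P<setting>\w+) = (?P<value>.*)$"
)


def parse_o17(log_text):
    """Return one dict per O17 line: control_set, guid, setting, value."""
    entries = []
    for line in log_text.splitlines():
        match = O17_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def nameservers_by_adapter(entries):
    """Merge per-control-set copies: GUID -> {'control_sets': set, 'servers': set}."""
    adapters = defaultdict(lambda: {"control_sets": set(), "servers": set()})
    for entry in entries:
        if entry["setting"].lower() != "nameserver":
            continue
        record = adapters[entry["guid"].upper()]
        record["control_sets"].add(entry["control_set"])
        # The value is a comma- or space-separated list of addresses.
        for token in re.split(r"[,\s]+", entry["value"].strip()):
            if token:
                record["servers"].add(token)
    return dict(adapters)


def review_dns(log_text, known_resolvers):
    """Return {guid: [(server, verdict), ...]}.

    Verdicts: 'known'   - listed in known_resolvers (confirmed by the user),
              'private' - RFC 1918 / local address, typically the home router,
              'review'  - public address nobody has confirmed yet,
              'invalid' - value is not an IP address at all.
    """
    known = {ipaddress.ip_address(addr) for addr in known_resolvers}
    report = {}
    for guid, record in nameservers_by_adapter(parse_o17(log_text)).items():
        findings = []
        for server in sorted(record["servers"]):
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                findings.append((server, "invalid"))
                continue
            if addr in known:
                verdict = "known"
            elif addr.is_private:
                verdict = "private"
            else:
                verdict = "review"
            findings.append((server, verdict))
        report[guid] = findings
    return report


if __name__ == "__main__":
    # Assumption: the user confirms having set 8.8.8.8 and nothing else.
    for guid, findings in review_dns(SAMPLE_LOG, ["8.8.8.8"]).items():
        print(guid)
        for server, verdict in findings:
            print(f"  {server:<15} {verdict}")
```

The four log lines reduce to two adapters, so the question for the user is about two settings rather than four.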

#56
February 2, 2013 at 12:29:59

I'm after the second Malwarebytes log please :)

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#57
February 2, 2013 at 12:37:52

I'm so sorry, but from this last post for HiJack I didn't understand what to do. It's too hard for me because I have never done something like this before,
and for Malwarebytes I'm going to send you the second log... right??


#58
February 2, 2013 at 12:42:20

Yes please send the second malwarebytes log in. You are doing just fine :)

HijackThis: you will need to run it again. In the main window, check mark (tick) the following for removal.

O2 - BHO: UnfriendApp - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\UnfriendApp\IE\common.dll

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

I want to check with johnw about the Tcpip entries just to be sure they should be removed.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#59
February 2, 2013 at 12:47:25

OK :D I found those two, I marked them, and now what should I press to delete them?
And here is the log from Malwarebytes:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.02.08

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Alban berisha :: ALBANBERISHA-PC [administrator]

Protection: Enabled

2/2/2013 9:14:56 PM
MBAM-log-2013-02-02 (21-18-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217902
Time elapsed: 2 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Program Files (x86)\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A} (PUP.Zwangi) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A}\chrome (PUP.Zwangi) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A}\defaults (PUP.Zwangi) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A}\defaults\preferences (PUP.Zwangi) -> No action taken.

Files Detected: 4
C:\Program Files (x86)\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A}\chrome.manifest (PUP.Zwangi) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A}\install.rdf (PUP.Zwangi) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A}\chrome\resulturl.jar (PUP.Zwangi) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\{C8431CD2-C25A-45F3-BEA9-A9103C31409A}\defaults\preferences\prefs.js (PUP.Zwangi) -> No action taken.

(end)



#60
February 2, 2013 at 13:09:20

For the two HJT entries press the "Fix checked" button then close HJT.

For the Malwarebytes PUP removals you need to run the quick scan again, when you get to the found entries list you need to check mark the entries for removal. Then press the "Remove Selected" button.
http://www.bleepingcomputer.com/vir...

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#61
February 2, 2013 at 13:29:27

OK, I have done everything you said. What should I do now, or is this all?


#62
February 2, 2013 at 13:39:23

We are getting there :) Download the ESET Online Scanner, it needs Internet Explorer to run.
http://www.eset.com/online-scanner-...

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#63
February 2, 2013 at 14:20:04

OK, I downloaded the ESET online scanner, and it's scanning my computer. Now it's at 37% and infected files are 0. I will tell you when this is finished :D


#64
February 2, 2013 at 14:28:13

ESET can take a long time to scan, but it does an excellent job so is worth the wait :)

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#65
February 2, 2013 at 14:50:12

Do you have an antivirus program installed? I suggest Avast free version.
http://www.avast.com/en-au/free-ant...

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#66
February 2, 2013 at 14:53:54

Yeah, a very long time, now it's 52 minutes since it started. For antivirus I have Internet Security Essentials, what do you think of this?


#67
February 2, 2013 at 15:03:56

:) Sorry about ESET, I know it's getting late where you are.

I would remove Internet Security Essentials, are you sure of your spelling? It's a fake antivirus program: http://en.wikipedia.org/wiki/Intern...

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#68
February 2, 2013 at 15:06:14

Is it Webroot's Internet Security Essentials? I would still choose Avast free.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#69
February 2, 2013 at 15:13:48

Oohhh, I'm so sorry, it's Microsoft Security Essentials. I am getting tired, that's why I wrote that wrong.


#70
February 2, 2013 at 15:19:59

All good, I would replace MSE with Avast in my opinion. We can call it a night for now, leave ESET running. Send the log in when you can :) Goodnight, get some sleep.
It's 12:19pm here. (12hr difference)

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#71
February 2, 2013 at 15:23:23

OK bro, thank you very much. I will send you the log tomorrow, and for antivirus, if you think it is better... then I will change :D


#72
February 3, 2013 at 00:40:33

Hello MrGoodGuy, I just got up :D The scan has finished
and it says Threats Found
infected files 7
cleaned files 6

What should I do now, and where can I find the log?



#73
February 3, 2013 at 01:35:40

"where i can find the log"
The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start → Run dialog box from the Start Menu on the desktop.

"what should i do now"
We will let you know after looking at the log.



#74
February 3, 2013 at 01:43:44

Hi albo,
At the end of the scan you would have seen a "Finish" button. When you clicked that it would have removed the infected entries. We can make sure by looking over your log.
ESET online scanner log.txt is the name of the log. You should find it here

"C:\Program Files\ESET\EsetOnlineScanner\log.txt"

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#75
February 3, 2013 at 01:46:24

Sorry for the overlap. I was just checking in, I will leave you with Johnw as he will do exactly what I would do :)

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#76
February 3, 2013 at 02:02:41

Hello again Johnw :D I think I found the log:


ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=3634125d5042f746b13bc6233443963c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-02 11:36:57
# local_time=2013-02-03 12:36:57 (+0100, Central Europe Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5892 16777213 88 94 10607933 13491189 0 0
# scanned=211417
# found=7
# cleaned=6
# scan_time=5758
C:\Windows\SysWOW64\4bd4b8ea.exe Win32/Adware.Primawega.AJ application A52CD826EDF157EB616789ABDDFA8884CB172342 I
C:\Program Files (x86)\Windows Savevid MediaBar\ToolBar\chrome\content\searchqutb.js Win32/Adware.Bandoo application (cleaned by deleting - quarantined) 73C7F651635F7B5096284FF13B16A1E08C2D017B C
C:\Program Files (x86)\Windows Savevid MediaBar\ToolBar\chrome\content\toolbar.htm Win32/Adware.Bandoo application (cleaned by deleting - quarantined) 55E8B149404360EB7E208194DA4B402F56A2D155 C
C:\Program Files (x86)\Windows Savevid MediaBar\ToolBar\chrome\content\toolbar.xul Win32/Adware.Bandoo application (cleaned by deleting - quarantined) D0A7CD7BEBC7D02B8C49AE227CD7F9446739F33E C
C:\Program Files (x86)\Windows Savevid MediaBar\ToolBar\SearchquDx.dll Win32/Adware.Bandoo application (cleaned by deleting - quarantined) 21569742DB2E4B878560C81B1C4D660AA411F2EE C
C:\Program Files (x86)\Windows Savevid MediaBar\ToolBar\SearchquTb.dll Win32/Adware.Bandoo application (cleaned by deleting - quarantined) 1A498F432A96828D995C4CC065C8C030702BC1A7 C
C:\Windows\System32\4bd4b8ea.exe Win32/Adware.Primawega.AJ application (cleaned by deleting - quarantined) A52CD826EDF157EB616789ABDDFA8884CB172342 C



#77
February 3, 2013 at 02:03:30

Well, thanks and good night, MrGoodguy :D


#78
February 3, 2013 at 02:15:03

Thanks albo.

Run RogueKiller please.
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://www.sur-la-toile.com/RogueKi...
http://www.sur-la-toile.com/RogueKi...
RogueKiller tutorial
http://en.kioskea.net/faq/11626-rog...
• Please quit all programs
• Right-click the RogueKiller file and select "Run as Administrator"
• Press: SCAN
• On the RogueKiller console, click the Registry tab.
• Make sure the entries there are checked.
• Then, press the [Delete] button.
An RKreport (Mode: Delete) is created on the Desktop.
Please provide the RKreport (Mode: Delete) in your reply.
Restart the computer.



#79
February 3, 2013 at 03:33:43

OK johnw, I downloaded RogueKiller and I pressed scan. It found 2 threats and then I pressed delete, and this is the log:


RogueKiller V8.4.4 [Feb 1 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/file...
Website : http://tigzy.geekstogo.com/roguekil...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Alban berisha [Admin rights]
Mode : Remove -- Date : 02/03/2013 12:21:14
| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545025B9A300 +++++
--- User ---
[MBR] d99d21e0fbb8ab50c668ee2c2b6676c7
[BSP] 74d065e0e76ac4d415baab153130345c : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 225061 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_D_02032013_02d1221.txt >>
RKreport[1]_S_02032013_02d1220.txt ; RKreport[2]_S_02032013_02d1221.txt ; RKreport[3]_D_02032013_02d1221.txt



#80
February 3, 2013 at 03:35:12

OK johnw, I downloaded RogueKiller and I pressed scan. It found 2 threats and then I pressed delete.


#81
February 3, 2013 at 03:40:22

Thanks albo.

Run Malwarebytes' Anti-Malware ( MBAM ) again.
Use Quick scan. Click the Remove Selected button after the scan. Post log please.



#82
February 3, 2013 at 03:47:41

OK, done... here is the log. I think it's good news :D :D

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.02.08

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Alban berisha :: ALBANBERISHA-PC [administrator]

Protection: Enabled

2/3/2013 12:42:39 PM
mbam-log-2013-02-03 (12-42-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217940
Time elapsed: 3 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#83
February 3, 2013 at 03:51:14

Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/download...

Run Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/wiseregi...



#84
February 3, 2013 at 03:58:12

"I think it's good news :D :D"
I do too.

When finished post #83, let me know how it is running.

Malware Prevention
http://www.malwarevault.com/prevent...
"There is no magic involved. The majority of malware is installed by the user themselves"



#85
February 3, 2013 at 04:11:31

OK, it's done with #83. It found a lot of things, and now they are deleted. Is there any log for this?


#86
February 3, 2013 at 04:24:08

"Is there any log for this?"
Nope.


#87
February 3, 2013 at 04:29:14

Run TFC
http://www.geekstogo.com/forum/file...
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Please double-click TFC.exe to run it. (Note: If you are running on Vista/Windows 7, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


#88
February 3, 2013 at 04:31:26

Do I need to do something else or is this all? And can I delete some logs that are now on my desktop? It's full of them :D


#89
February 3, 2013 at 04:40:18

Sorry, I saw your post after I wrote my post.
OK, it's done with TFC, it deleted 101mb.


#90
February 3, 2013 at 04:41:10

"Do I need to do something else"
Download Security Check by screen317 from one of the following links and save it to your desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Save it to your Desktop.
* Double click SecurityCheck.exe. If you run Windows Vista or 7, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; please post the contents of that document.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


#91
February 3, 2013 at 04:42:12

"Can I delete some logs that are now on my desktop? It's full of them :D"
Yes.


#92
February 3, 2013 at 04:52:38

OK, done, here is the checkup.txt:


Results of screen317's Security Check version 0.99.57
Windows 7 x64 (UAC is enabled)
[url=http://windows.microsoft.com/en-US/windows7/install-windows-7-service-pack-1][color=red][b]Out of date service pack!![/color][/url][/b]
Internet Explorer 9
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
[color=red][b]Windows Security Center service is not running! This report may not be accurate![/b][/color]
Microsoft Security Essentials
Antivirus up to date!
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Trojan Remover 6.8.5
Malwarebytes Anti-Malware version 1.70.0.1100
TuneUp Utilities 2013
TuneUp Utilities Language Pack (en-US)
TuneUp Utilities 2013
Wise Disk Cleaner 7.74
Wise Registry Cleaner 7.62
Java 7 Update 7
[color=red][b]Java version out of Date![/b][/color]
Adobe Flash Player 10 [color=red][b]Flash Player out of Date![/b][/color]
Adobe Reader 9 [color=red][b]Adobe Reader out of Date![/b][/color]
Mozilla Firefox 11.0 [color=red][b]Firefox out of Date![/b][/color]
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C: 1%
[b][u]````````````````````End of Log``````````````````````[/b][/u]



#93
February 3, 2013 at 04:55:57

To get your computer more secure, these need updating, they all have security holes.
Java 7 Update 7
[color=red][b]Java version out of Date![/b][/color]
Adobe Flash Player 10 [color=red][b]Flash Player out of Date![/b][/color]
Adobe Reader 9 [color=red][b]Adobe Reader out of Date![/b][/color]
Mozilla Firefox 11.0 [color=red][b]Firefox out of Date![/b][/color]

We are all done, worked out beautifully with MrGoodguy, when he was asleep, I was awake & vice versa.

Congratulate yourself for getting around the language difficulty. Well done.

Have fun with your computer. John.



#94
February 3, 2013 at 05:04:00

OK, I will update them.
I don't know how to thank you guys, you and MrGoodguy have done an amazing job :D If I need help again, now I know where I can find the best answer :D Thanks,
goodbye and all the best :D


#95
February 3, 2013 at 05:09:28

Thank you, all the best.


#96
February 3, 2013 at 05:26:24

"you and mrGoodguy have done an amazing job"
Amen to that.

You can update Java from the icon in Control Panel, or from a download - now 7-13.

Always pop back and let us know the outcome - thanks

