Solved I cannot open any of my web browsers?

December 19, 2012 at 09:08:53
Specs: Windows XP Professional Version 5.1 (Build 2600.xpsp_sp3_gdr.120821-1629 : Service Pack 3, Processor x86 Family 15 Model 2 Stepping 9 GenuineIntel ~2592 Mhz
I ran Avast Security Scans yesterday and it found 2 threats (NCIS: Oneclick-z [PUP] and NCIS: Oneclick-P [PUP]) and I was given various options for removing them, one being Delete and the other Move All to Chest; I chose the latter. Furthermore, I ran SpyBot Search & Destroy, which revealed 4 low risk threats and 2 High Risk Threats (Win32 Trojan - H), upon which I chose the option to "Fix Selected Problems"; it confirmed this action was successful. I ran SpyBot Search and Destroy again today and it stated "Congratulations, no immediate threats found", but still I cannot open browsers, and if they do open, they become unresponsive and are difficult to shut down, even by using CTRL + ALT + DEL (Task Manager). Please can someone help? I hope I've provided enough information to assist in this troubleshooting. Thank you in anticipation of your assistance. PS: I am connected to the internet via ethernet and I am receiving Microsoft Outlook Mail messages.

#1
December 19, 2012 at 10:27:54
For starters I would open Task Manager (right click the taskbar...) to the Network tab and watch the activity when you open a browser. If there's a lot after everything settles down then something is amiss.

But sometimes after malware is removed it leaves things broken. After a thorough full scan I would reinstall the browser. I would recommend a scan with Malwarebytes.


#2
December 19, 2012 at 13:39:48
✔ Best Answer
After the Malwarebytes (MBAM) scan, copy & paste the log please.

Then run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://general-changelog-team.fr/en...
http://www.raymond.cc/blog/adwclean...
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.


#3
December 19, 2012 at 13:53:07
Thanks. I've uninstalled Mozilla Firefox and re-installed it before your answers came through and it never made any difference. I will proceed with both your suggestions and get back to you with my findings ASAP.

#4
December 19, 2012 at 14:32:00
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.19.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: HOME-IBM-PC [administrator]

19/12/2012 22:02:02
mbam-log-2012-12-19 (22-02-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 268821
Time elapsed: 21 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


#5
December 19, 2012 at 15:55:07
# AdwCleaner v2.007 - Logfile created 12/19/2012 at 23:23:07
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - HOME-IBM-PC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\PGZ1JFMP\AdwCleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cgipzca2.default\extensions\pricepeep@getpricepeep.com.xpi
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cgipzca2.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cgipzca2.default\Conduit
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cgipzca2.default\ConduitEngine
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cgipzca2.default\CT2405725
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cgipzca2.default\extensions\{0fc85f5d-6207-4515-a490-45a549d285c0}(2)
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\~0
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer
Folder Deleted : C:\Program Files\PricePeep

***** [Registry] *****

Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKCU\Software\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021802.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021802.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021802.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021802.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho
Key Deleted : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2418376
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2612669
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\TENCENT

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-GB)

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cgipzca2.default\prefs.js

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cgipzca2.default\user.js ... Deleted !

Deleted : user_pref("sweetim.toolbar.cargo", "2.1002");
Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.babylon.com/web/{sear[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Google");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.facebook.com/home.php?ref[...]
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://google.com");
Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Deleted : user_pref("sweetim.toolbar.simapp_id", "{A93DEAA6-8246-11E0-8E28-000D60638807}");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=2.1002");
Deleted : user_pref("extensions.crossriderapp21802.adsOldValue", 14);

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.16] : homepage = "hxxp://www.searchnu.com/406",
Deleted [l.2029] : homepage = "hxxp://www.searchnu.com/406",

*************************

AdwCleaner[R1].txt - [32285 octets] - [19/12/2012 23:05:21]
AdwCleaner[S1].txt - [32779 octets] - [19/12/2012 23:23:07]

########## EOF - C:\AdwCleaner[S1].txt - [32840 octets] ##########



#6
December 19, 2012 at 15:57:09
Whew, that was a mess, did it fix your problems?


#7
December 19, 2012 at 16:02:56
# AdwCleaner v2.007 - Logfile created 12/19/2012 at 23:23:07
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - HOME-IBM-PC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\PGZ1JFMP\AdwCleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cgipzca2.default\extensions\pricepeep@getpricepeep.com.xpi
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cgipzca2.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cgipzca2.default\Conduit
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cgipzca2.default\ConduitEngine
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cgipzca2.default\CT2405725
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cgipzca2.default\extensions\{0fc85f5d-6207-4515-a490-45a549d285c0}(2)
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\~0
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer
Folder Deleted : C:\Program Files\PricePeep

***** [Registry] *****

Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKCU\Software\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021802.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021802.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021802.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021802.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho
Key Deleted : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2418376
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2612669
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\TENCENT

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-GB)

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cgipzca2.default\prefs.js

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cgipzca2.default\user.js ... Deleted !

Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat May 21 2011 11:43:35 GMT+0100 (GMT D[...]
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sun May 22 2011 03:36:30 GMT+0100 (GMT [...]
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("browser.babylon.HPOnNewTab", "1");
Deleted : user_pref("browser.search.defaultenginename", "Search Results");
Deleted : user_pref("browser.search.order.1", "Search Results");
Deleted : user_pref("sweetim.toolbar.cargo", "2.1002");
Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.babylon.com/web/{sear[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Google");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.facebook.com/home.php?ref[...]
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://google.com");
Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Deleted : user_pref("sweetim.toolbar.simapp_id", "{A93DEAA6-8246-11E0-8E28-000D60638807}");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=2.1002");
Deleted : user_pref("extensions.crossriderapp21802.adsOldValue", 14);

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.16] : homepage = "hxxp://www.searchnu.com/406",
Deleted [l.2029] : homepage = "hxxp://www.searchnu.com/406",

*************************

AdwCleaner[R1].txt - [32285 octets] - [19/12/2012 23:05:21]
AdwCleaner[S1].txt - [32779 octets] - [19/12/2012 23:23:07]

########## EOF - C:\AdwCleaner[S1].txt - [32840 octets] ##########


Report •

#8
December 19, 2012 at 16:06:53
A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom.

Malware Prevention
http://www.malwarevault.com/index.html
"There is no magic involved. The majority of malware is installed by the user themselves"


Report •

#9
December 19, 2012 at 16:09:57
Lol not sure yet, was anxious to post reports before bedtime, it's after midnight here in the UK, but it looks like things are good as I clicked the link in my email and it brought me here through Mozilla Firefox, Thanks will get back to you both when I've had time to check more thoroughly :)

Report •

#10
Report •

#11
December 19, 2012 at 19:32:47
Just a couple more basics. Make sure you reboot on occasion. Windows needs to refresh itself or its framework begins to break down. I use hibernate during the day, but at night I boot down.

If you still have a problem, go back to Task Manager and look for anything that's hogging CPU or memory on the Processes tab (first click "show processes from all users"), especially after the machine has a chance to do MS updates after the boot. Save an internet link to desktop and see if it will launch the browser. To both test and jog things you could install another browser and temporarily make it the default.


Report •

#12
December 19, 2012 at 21:36:37
If your computer is NOT a laptop/notebook then you can stop Hibernate.
Hibernation, reserves disk space equal to your RAM.
http://www.kellys-korner-xp.com/xp_...
http://www.tomshardware.com/reviews...
http://www.5starsupport.com/xp-tips...
http://www.tweaktown.com/guides/145...

Report •

#13
December 20, 2012 at 03:12:00
@ Johnw, Thanks for all your very useful information and taking the time to help me, I am most grateful. The following is a report from RogueKiller as requested:

RogueKiller V8.4.0 [Dec 20 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/file...
Website : http://tigzy.geekstogo.com/roguekil...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Remove -- Date : 12/20/2012 11:02:38

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[37] : NtCreateFile @ 0x8056F8E4 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xB079ECA6)
SSDT[62] : NtDeleteFile @ 0x805D605B -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xB079EEB8)
SSDT[98] : NtLoadKey @ 0x805ADC1B -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xB07A28FA)
SSDT[116] : NtOpenFile @ 0x8056F87F -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xB079EDCA)
SSDT[193] : NtReplaceKey @ 0x8064FF50 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xB07A27EA)
SSDT[224] : NtSetInformationFile @ 0x8057E442 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xB079EF6A)
S_SSDT[7] : NtGdiAlphaBlend -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xB07A5128)
S_SSDT[13] : NtGdiBitBlt -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xB07A4F56)
S_SSDT[191] : NtGdiGetPixel -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xB07A4FAC)
S_SSDT[227] : NtGdiMaskBlt -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xB07A504A)
S_SSDT[237] : NtGdiPlgBlt -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xB07A50A0)
S_SSDT[292] : NtGdiStretchBlt -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xB07A4FE8)
S_SSDT[298] : NtGdiTransparentBlt -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xB07A50E4)
S_SSDT[378] : NtUserFindWindowEx -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xB079F3FC)
S_SSDT[477] : NtUserPrintWindow -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xB07A516C)
S_SSDT[483] : NtUserQueryWindow -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xB079F366)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD400BB-23DEA0 +++++
--- User ---
[MBR] 93c3be209d952371decb718313ca3a4f
[BSP] cee8a398186f408973e77fc81169d6f2 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 35801 Mo
1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 73320660 | Size: 2361 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD80 0BEVT-00ZCT0 USB Device +++++
--- User ---
[MBR] b6bcda97854c78f32866312eeee14264
[BSP] 4af240e0bbae2a22ff4572e16d0df4bf : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_12202012_02d1102.txt >>
RKreport[1]_S_12202012_02d1055.txt ; RKreport[2]_D_12202012_02d1102.txt


Report •

#14
December 20, 2012 at 04:16:20
"I am most grateful"
That's Ok LolaSapphire, I enjoy the challenge.

Here is my time zone, note the clock works.
http://www.timeanddate.com/worldclo...

We are slowly, bit by bit, dismantling the infection. Shall be back soon, once I have had a think of what is best to do next.


Report •

#15
Report •

#16
December 20, 2012 at 16:51:18
Hey Johnw, Thanks I've followed the above steps and the following is a log from Hitman Pro......

[code]
HitmanPro 3.7.0.184
www.hitmanpro.com

Computer name . . . . : HOME-IBM-PC
Windows . . . . . . . : 5.1.3.2600.X86/1
User name . . . . . . : HOME-IBM-PC\Administrator
License . . . . . . . : Trial (30 days left)

Scan date . . . . . . : 2012-12-20 22:27:47
Scan mode . . . . . . : Normal
Scan duration . . . . : 15m 54s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes

Threats . . . . . . . : 3
Traces . . . . . . . : 10

Objects scanned . . . : 1,256,937
Files scanned . . . . : 59,540
Remnants scanned . . : 226,370 files / 971,027 keys

Malware _____________________________________________________________________

C:\WINDOWS\FixCamera.exe -> Quarantined
Size . . . . . . . : 20,480 bytes
Age . . . . . . . : 67.5 days (2012-10-14 11:30:43)
Entropy . . . . . : 2.8
SHA-256 . . . . . : 0026C6D69CA84BB7460EAA2213FBF93D9FE55571C4F1C1AA5A34FACB9702BEE3
Product . . . . . : CameraFixer Application
Publisher
Description . . . : CameraFixer MFC Application
Version . . . . . : 1.0.0.9
Copyright . . . . : Copyright (C) 2005
Running processes : 4080
> a-Squared . . . . : Trojan.Win32.KillProc.AMN!A2
Fuzzy . . . . . . : 114.0
Startup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FixCamera
References
HKU\S-1-5-21-776561741-1644491937-725345543-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\FixCamera.exe


Malware remnants ____________________________________________________________

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ (Adware.ClickPotato) -> Deleted
HKU\S-1-5-21-776561741-1644491937-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ (Adware.ClickPotato) -> Deleted

Potential Unwanted Programs _________________________________________________

HKU\S-1-5-21-776561741-1644491937-725345543-500\Software\Microsoft\Internet Explorer\Approved Extensions\{9D717F81-9148-4F12-8568-69135F087DB0} (SearchQU)
HKU\S-1-5-21-776561741-1644491937-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4f12-8568-69135F087DB0},\ (SearchQU)

Cookies _____________________________________________________________________

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cgipzca2.default\cookies.sqlite:invitemedia.com
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cgipzca2.default\cookies.sqlite:xiti.com


[/code]


Report •

#17
Report •

#18
December 21, 2012 at 01:30:46
Hi Johnw, Thanks again, I tried to post the report but was faced with the following message. However, as much as it had a lot of data the results looked ok, with no threats found, but if you need a copy of the report anyway, can you suggest how I can send it to you please :-
Request Entity Too Large
The requested resource
/cgi-bin/post_store.pl
does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit.

Report •

#19
December 21, 2012 at 01:51:24
Thanks again Johnw, I ran the TDSSKiller but when I tried to post the results it would not allow me to, stating "Entity Too Large" etc. However, all looked well with no infections/threats found. I've been trying to send this message 3/4 times, so if it gets repeated I'm sorry. I tried to PM you the report but it was still too large??

Report •

#20
December 21, 2012 at 02:24:19
" I tried to PM you the report but it was still too large??"

Use Image Uploader & post the links please.
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://zenden.ws/imageuploader_ru
How to use.
http://i.imgur.com/C1qBB.gif
http://i.imgur.com/wqOKq.gif
http://i.imgur.com/PujnZ.gif


Report •

#21
December 22, 2012 at 08:02:16
Thanks Johnw
[url=http://zalil.ru/34101297]KaspersyTDSSKiller.doc[/url]

Report •

#22
December 22, 2012 at 15:14:52
No surprises in that log LolaSapphire.

A final log please.

Download Security Check by screen317 from one of the following links and save it to your desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Save it to your Desktop.
* Double click SecurityCheck.exe. If you run Windows Vista or 7, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; please post the contents of that document.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


Report •

#23
December 22, 2012 at 17:14:48
Hi Johnw, the following is the requested post as per above message:-

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Java(TM) 6 Update 37
[color=red][b]Java version out of Date![/b][/color]
Adobe Flash Player 11.5.502.135
Adobe Reader 10.1.4 [color=red][b]Adobe Reader out of Date![/b][/color]
Mozilla Firefox (17.0.1)
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C:: 31% [color=red][b]Defragment your hard drive soon! (Do NOT defrag if SSD!)[/b][/color]
[b][u]````````````````````End of Log``````````````````````[/b][/u]


PLEASE NOTE BEFORE I READ YOUR MAIL AND ACTIONED IT, I RAN ANTIMALWARE, AND THE FOLLOWING IS THE REPORT FROM THAT, IN CASE IT MAKES ANY DIFFERENCE:-

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.19.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: HOME-IBM-PC [administrator]

22/12/2012 17:36:29
mbam-log-2012-12-22 (17-36-29).txt

Scan type: Full scan (C:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 434759
Time elapsed: 2 hour(s), 21 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\System Volume Information\_restore{4848034A-6218-4973-AC08-D7477D615088}\RP1224\A1995367.exe (PUP.215Apps) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4848034A-6218-4973-AC08-D7477D615088}\RP1224\A1995362.exe (PUP.215Apps) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4848034A-6218-4973-AC08-D7477D615088}\RP1224\A1995363.dll (PUP.215Apps) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4848034A-6218-4973-AC08-D7477D615088}\RP1224\A1995364.exe (PUP.215Apps) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4848034A-6218-4973-AC08-D7477D615088}\RP1224\A1995368.exe (PUP.215Apps) -> Quarantined and deleted successfully.
F:\My Documents\LORRAINE'S EVERYTHING\Downloads\software\Unlocking Software\setool2liteV1.11\setool2lt.exe (Malware.Packer.T) -> Quarantined and deleted successfully.

(end)


Report •

#24
December 22, 2012 at 18:57:15
Thanks LolaSapphire, wanted to see how your security shaped up.

To get your comp more secure, you need to update these.

Java(TM) 6 Update 37
[color=red][b]Java version out of Date![/b][/color]

Adobe Reader 10.1.4 [color=red][b]Adobe Reader out of Date![/b][/color]


Report •

#25
December 22, 2012 at 19:05:06
"I RAN ANTIMALWARE"
Good move, you can never run too many programs as we break down the infection, bit by bit.

We now need to make sure no more nasties are hiding in System Restore; this is how you do it.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310...

Reboot & run MBAM again, with a new log please.

After MBAM, Run Hitman Pro & post the results please.
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://www.surfright.nl/en/HitmanPro
http://www.surfright.nl/en/hitmanpro/
Unlimited free scanning and free 30-day version to remove detected malware.
Download now (32-bit)
http://dl.surfright.nl/HitmanPro35.exe
Review
http://www.youtube.com/watch?v=WmPQ...


Report •
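Why restore points come up in post #25, as an added example that is not part of the original thread: the sketch below parses Malwarebytes-style "Files Detected" lines and separates hits that sit inside System Restore snapshots from hits in the live file system. The sample log is constructed (modelled on the layout of the log in post #23), and the function names and regular expressions are assumptions of this example, not any scanner's own code.

```python
import re
from collections import defaultdict

# Constructed sample, laid out like the "Files Detected" section of an MBAM 1.x log.
SAMPLE_LOG = r"""
Files Detected: 3
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0000001.exe (PUP.Example) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0000002.dll (PUP.Example) -> Quarantined and deleted successfully.
F:\Downloads\tool\setup.exe (Malware.Packer.Example) -> Quarantined and deleted successfully.

(end)
"""

# "<path> (<detection name>) -> <action>." ; the path itself may contain parentheses.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$"
)
# Windows XP keeps snapshots under System Volume Information\_restore{GUID}\RPnnn\
RESTORE_POINT = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(?P<rp>RP\d+)\\",
    re.IGNORECASE,
)
HEADER = re.compile(r"^Files Detected: (\d+)$")


def parse_detections(log_text):
    """Return (count declared in the header, list of parsed detection dicts)."""
    declared = None
    found = []
    for line in log_text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            declared = int(header.group(1))
            continue
        match = DETECTION.match(line)
        if match:
            found.append(match.groupdict())
    return declared, found


def split_by_location(detections):
    """Group snapshot hits by restore point; everything else is a live-disk hit."""
    in_snapshots = defaultdict(list)
    live = []
    for det in detections:
        rp = RESTORE_POINT.search(det["path"])
        if rp:
            in_snapshots[rp.group("rp")].append(det)
        else:
            live.append(det)
    return dict(in_snapshots), live


def triage(log_text):
    """Summarise a pasted log: is it complete, and do restore points hold copies?"""
    declared, found = parse_detections(log_text)
    snapshots, live = split_by_location(found)
    return {
        # False when the header count and the parsed lines disagree (truncated paste).
        "complete": declared == len(found),
        "restore_points": sorted(snapshots),
        "snapshot_hits": sum(len(hits) for hits in snapshots.values()),
        "live_hits": len(live),
        # Any snapshot hit means a rollback could bring the flagged files back.
        "purge_restore_points": bool(snapshots),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
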

#26
December 23, 2012 at 07:33:54
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.19.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: HOME-IBM-PC [administrator]

23/12/2012 13:26:58
mbam-log-2012-12-23 (13-26-58).txt

Scan type: Full scan (C:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 416830
Time elapsed: 2 hour(s), 2 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Report •

#27
December 23, 2012 at 08:25:19
[code]
HitmanPro 3.7.0.185
www.hitmanpro.com

Computer name . . . . : HOME-IBM-PC
Windows . . . . . . . : 5.1.3.2600.X86/1
User name . . . . . . : HOME-IBM-PC\Administrator
License . . . . . . . : Trial (27 days left)

Scan date . . . . . . : 2012-12-23 15:35:29
Scan mode . . . . . . : Normal
Scan duration . . . . : 9m 41s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 4

Objects scanned . . . : 1,256,932
Files scanned . . . . : 59,645
Remnants scanned . . : 226,152 files / 971,135 keys

Potential Unwanted Programs _________________________________________________

HKU\S-1-5-21-776561741-1644491937-725345543-500\Software\Microsoft\Internet Explorer\Approved Extensions\{9D717F81-9148-4F12-8568-69135F087DB0} (SearchQU) -> Deleted
HKU\S-1-5-21-776561741-1644491937-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4f12-8568-69135F087DB0},\ (SearchQU) -> Deleted

Cookies _____________________________________________________________________

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cgipzca2.default\cookies.sqlite:invitemedia.com
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cgipzca2.default\cookies.sqlite:xiti.com


[/code]

@John w That's all the reports actioned and printed for your perusal, should I now turn System Restore back ON or is there anything else I should do? I look forward to your response. LolaSapphire :)


Report •

#28
December 23, 2012 at 13:55:25
"should I now turn System Restore back ON"
Yes, LolaSapphire.


Report •

#29
December 23, 2012 at 14:12:43
A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom.

Since running AdwCleaner the first time, you have installed SearchQU; the program that installed it would have given you the choice.

Run AdwCleaner again please.


Report •

#30
December 23, 2012 at 14:25:32
To stop tracking cookies, install this.

1: Mozilla Labs: Prospector - about:trackers
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
https://blog.mozilla.org/labs/2012/...

2: After doing the above, clean up what was already installed, use this.
SUPERAntiSpyware
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://www.superantispyware.com/ind...


Report •

#31
December 24, 2012 at 05:59:37
# AdwCleaner v2.007 - Logfile created 12/24/2012 at 13:58:06
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - HOME-IBM-PC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\AdwCleaner(1).exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-GB)

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cgipzca2.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [32285 octets] - [19/12/2012 23:05:21]
AdwCleaner[R2].txt - [1204 octets] - [24/12/2012 03:38:01]
AdwCleaner[R3].txt - [1077 octets] - [24/12/2012 13:58:06]
AdwCleaner[S1].txt - [32910 octets] - [19/12/2012 23:23:07]

########## EOF - C:\AdwCleaner[R3].txt - [1198 octets] ##########


Report •

#32
December 24, 2012 at 14:48:12
Hey Johnw, Can't thank you enough, I've done all you said I should, and now I have no problems, I even gained 3.5GB disk space. I'm thinking this would now be a very good time to back up my pc, are there any programs you'd personally suggest? And should I keep all the downloaded programmes you suggested on my pc for future use? Merry Christmas to you LolaSapphire x

Report •

#33
December 27, 2012 at 05:02:18
Thank you LolaSapphire & a belated Merry Xmas to you.

Had a comp I was fixing for a very depressed person, just got it finished before traveling 430km's to the family Xmas.

Back home now, 2 comps waiting to be fixed.
Neither of them urgent, so they will probably take about a week.

"should I keep all the downloaded programmes"
I do, just a matter of updating before using.

" I'm thinking this would now be a very good time to back up my pc, are there any programs you'd personally suggest?"
Big question, so many ways of doing it, I personally, only back up my important files, emails & address book.
I use FileGee Backup & Sync Personal Edition
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://www.filegee.com/FileGeeENP.exe

Happy New Year.


Report •

#34
December 27, 2012 at 05:33:39
Hi JohnW, I hope you managed to enjoy family xmas after all that hard work..

I have noticed a process hogging my resources called wuaucle.exe, I have googled it and this is an excerpt from a site, not quite sure what to do about it, but again, this just may be an attempt for me to download bogus software. I'm looking at other resources on the internet and I won't download anything I feel is suspicious looking or without your expertise, which has been invaluable to me this past week, Thanks.

edit: Link to following info http://www.removespywaretips.com/ex...

"We received the files of wuaucle.exe on 1.9.2008 and detected it is a rogue anti-spyware program. wuaucle.exe file size of the samples we received is unknown bytes. wuaucle.exe is a critical system problem that is commonly caused by an unstable system registry or corrupt system files that are required to run Windows smoothly. This must be fixed immediately to prevent further problems to your data, applications and hardware. "

I've also not backed up yet because of this, any suggestions or advice on what it is?


Report •

#35
December 27, 2012 at 06:28:22
"wuaucle"

Double check that spelling please.

Copy & paste if you can, always the best way to avoid typos.


Report •

#36
December 27, 2012 at 07:55:59
Hi JohnW I'm a bit of a spelling police myself....lol, so I made sure that was the correct spelling. At first I just assumed it was the windows update automatic process, but I ran that the other day, I think it's each Tuesday during night that it downloads. I did the download, install then rebooted as usual for updates to take effect, so I know I ran it. Odd thing is that now it is not running anywhere in my Task Manager Processes??? Hmm just thought you should know that.

Report •

#37
December 27, 2012 at 15:29:24
Hi LolaSapphire, if it happens again, right click on it > Properties, copy & paste the name.

When you google, google itself thinks the name is wrong & when you insist the name is correct, it sends you to sites that offer programs that require money. Very suspicious.
http://i.imgur.com/QETaU.gif
http://www.removespywaretips.com/ex...

I use these on every comp I work on & am about to use them right now. Even though you have CCleaner, as I do, I would still run these.

Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/download...

Run Wise Registry Cleaner ( Only use Registry Cleaner & with default settings ) Reboot when finished.
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/wiseregi...


Report •
