Virus/Maleware...

Closed

Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 - May 10, 2014 at 01:59 PM
Blocked Profile - May 12, 2014 at 08:57 PM

Hello,
there i keep getting this Reminder! Your computer is not backed up" pop-up icon on my computer, ive uninstalled it but not sure if it be removed fully, can anyone hep me on what i shoud not have in this log file from hijack this... cheers

i know some stuff is ment to be on here but some i dont know if it is stil the virus or malware....

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:58:49 AM, on 11/05/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Internode\mum.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Gerva\AppData\Local\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [InternodeUsage] C:\PROGRA~1\INTERN~3\mum.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Gerva\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate1caf7682a98b9c0) (gupdate1caf7682a98b9c0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\nlssrv32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

Virus/Maleware...
Goose virus - Download - Other
Can jpg have virus - Guide
Online virus scan - Guide
Ntuser.dat virus - Guide
Chrome redirect virus - Guide

12 responses

Answer 1 / 12

2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
May 10, 2014 at 04:34 PM

Hello,

First, uninstall Spybot, it is obsolete.

Then :

To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a log.

1. Open this link and download ZHPDiag2 :

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message.)

2. Save the file on your Desktop.

3. Double click on ZHPDiag.exe and follow the installation instructions.

(For Vista and Win 7 users, click right to ensure you execute with admin right)

The tool creates three icons ZHPDiag, MRB, and ZHPFix (If necessary,we will use ZHPFix after log analysis).

4. Double click on the short cut ZHPDiag on your Destktop.

5. If you need to change the language, click on the little house, (bottom right) and change to English

6. Click on the Full options.

Wait for the tool to finished (maybe a long time)

7. Close ZHPDiag.

8. To transmit the report, click on this link :

https://authentification.site

9. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).

10. Select the file ZHPDiag.txt.

11. Click on "upload »

12. Copy the URL and post it here.

Gabriel.

Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
May 11, 2014 at 01:17 AM

its scanning. hope to get it on here for ya soon

Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
May 11, 2014 at 01:24 AM

http://speedy.sh/E4kC9/ZHPDiag.txt
[code]http://speedy.sh/E4kC9/ZHPDiag.txt/code
<a href="http://speedy.sh/E4kC9/ZHPDiag.txt">Download at SpeedyShare</a>

not sure which one u need so here they are.

Answer 2 / 12

2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
May 11, 2014 at 03:10 AM

Hello,

Download the following Adwcleaner created by Xplode
https://ccm.net/downloads/security-and-maintenance/6911-adwcleaner/
Launch it (for Windows 7 and 8, click right to run as administrator)
Click on delete
Post the log C:\Adwcleaner[Sx].txt on this thread.

Gabriel.

Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
May 11, 2014 at 05:39 AM

# AdwCleaner v3.207 - Report created 11/05/2014 at 19:25:26
# Updated 05/05/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Gerva - GERVA-PC
# Running from : C:\Users\Gerva\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Free Ride Games
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\Program Files\AGI
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Free Ride Games
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Program Files\YouTube Downloader Toolbar
Folder Deleted : C:\Program Files\A_Free_Ride_Games_Bar
Folder Deleted : C:\Program Files\Common Files\Spigot
Folder Deleted : C:\Windows\system32\AI_RecycleBin
Folder Deleted : C:\Users\April\AppData\Local\Conduit
Folder Deleted : C:\Users\April\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\April\AppData\LocalLow\Kiwee Toolbar
Folder Deleted : C:\Users\April\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\April\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\April\AppData\LocalLow\A_Free_Ride_Games_Bar
Folder Deleted : C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
Folder Deleted : C:\Users\Cayne and Aprils\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Gerva\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Gerva\AppData\Local\PackageAware
Folder Deleted : C:\Users\Gerva\AppData\LocalLow\AGI
Folder Deleted : C:\Users\Gerva\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Gerva\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Gerva\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Gerva\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\m83nwbxb.default\ConduitCommon
Folder Deleted : C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\m83nwbxb.default\CT1320680
Folder Deleted : C:\Users\Gerva\AppData\Roaming\Mozilla\Firefox\Profiles\h2g8a0xd.default\Conduit
Folder Deleted : C:\Users\Gerva\AppData\Roaming\Mozilla\Firefox\Profiles\h2g8a0xd.default\SweetIMToolbarData
Folder Deleted : C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\m83nwbxb.default\Extensions\{f92a9fe4-2850-4198-b9d5-279880e49b16}
File Deleted : C:\Users\Public\Desktop\More FREE games.lnk
File Deleted : C:\Users\Public\Desktop\Play Free Games.lnk
File Deleted : C:\Windows\system32\Macromed\Flash\FlashPlayerTrust\UnifiedToolbar.cfg
File Deleted : C:\Users\April\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\m83nwbxb.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Gerva\AppData\Roaming\Mozilla\Firefox\Profiles\h2g8a0xd.default\searchplugins\SweetIm.xml

***** [ Shortcuts ] *****

***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6832D7C8-905A-4B3F-B743-9EA8098B7904}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6832D7C8-905A-4B3F-B743-9EA8098B7904}
Key Deleted : HKLM\SOFTWARE\Classes\AG.MediaPlayerCOM
Key Deleted : HKLM\SOFTWARE\Classes\AppID\contenthandler.dll
Key Deleted : HKLM\SOFTWARE\Classes\contenthandler.contentselection
Key Deleted : HKLM\SOFTWARE\Classes\contenthandler.contentselection.1
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1320680
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2645238
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A5461FCA-320C-4D6F-A150-A53823CE8142}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E6375F37-E4D1-4F51-B651-4658C27AC5BF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1D110574-046A-43BB-A64C-4219E6A097DA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E16A203-C0AA-4D44-ACC5-38A70A8C76DA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C7403C30-3644-43D8-A82F-4BD84B9682D9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D110574-046A-43BB-A64C-4219E6A097DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A0B80B-5BA7-4CB0-9553-105D68777D60}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EA4F6FEB-C7A3-4D0C-A410-C9055C48DD4B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BA8615AD-1A18-4C75-9E64-E32DEEEAAF02}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F92A9FE4-2850-4198-B9D5-279880E49B16}]
Key Deleted : HKCU\Software\AGI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\AGI
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\A_Free_Ride_Games_Bar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\A_Free_Ride_Games_Bar Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{3A787631-66A2-4634-B928-A37E73B58FB6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A81A974F-8A22-43E6-9243-5198FF758DA1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Protection
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\A_Free_Ride_Games_Bar Toolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F479A18A22A86E3429341589FF57D81A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FA20CB7A821113A4CB8FA1E38E303D3B
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Features\F479A18A22A86E3429341589FF57D81A
Key Deleted : HKLM\Software\Classes\Installer\Features\FA20CB7A821113A4CB8FA1E38E303D3B
Key Deleted : HKLM\Software\Classes\Installer\Products\F479A18A22A86E3429341589FF57D81A
Key Deleted : HKLM\Software\Classes\Installer\Products\FA20CB7A821113A4CB8FA1E38E303D3B
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\m83nwbxb.default\prefs.js ]

Line Deleted : user_pref("CT1320680..clientLogIsEnabled", false);
Line Deleted : user_pref("CT1320680..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT1320680..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT1320680.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT1320680.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT1320680.BrowserCompStateIsOpen_129743096480413664", true);
Line Deleted : user_pref("CT1320680.BrowserCompStateIsOpen_129743096611979533", true);
Line Deleted : user_pref("CT1320680.BrowserCompStateIsOpen_129743096693544122", true);
Line Deleted : user_pref("CT1320680.CTID", "CT1320680");
Line Deleted : user_pref("CT1320680.CurrentServerDate", "16-4-2012");
Line Deleted : user_pref("CT1320680.DSInstall", true);
Line Deleted : user_pref("CT1320680.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT1320680.DialogsGetterLastCheckTime", "Sat Apr 14 2012 16:11:43 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT1320680.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT1320680.FeedPollDate7902519", "Tue Apr 17 2012 00:54:11 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT1320680.FeedPollDate7902549", "Tue Apr 17 2012 00:54:11 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT1320680.FeedPollDate7902562", "Tue Apr 17 2012 00:54:11 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT1320680.FirstServerDate", "8-4-2012");
Line Deleted : user_pref("CT1320680.FirstTime", true);
Line Deleted : user_pref("CT1320680.FirstTimeFF3", true);
Line Deleted : user_pref("CT1320680.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT1320680.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT1320680.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT1320680.HPInstall", true);
Line Deleted : user_pref("CT1320680.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT1320680.HomePageProtectorEnabled", true);
Line Deleted : user_pref("CT1320680.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT1320680&SearchSource=13");
Line Deleted : user_pref("CT1320680.Initialize", true);
Line Deleted : user_pref("CT1320680.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT1320680.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT1320680.InstallationId", "Default-Default");
Line Deleted : user_pref("CT1320680.InstallationType", "ConduitXPEIntegration");
Line Deleted : user_pref("CT1320680.InstalledDate", "Sun Apr 08 2012 13:49:48 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT1320680.InvalidateCache", false);
Line Deleted : user_pref("CT1320680.IsAlertDBUpdated", true);
Line Deleted : user_pref("CT1320680.IsGrouping", false);
Line Deleted : user_pref("CT1320680.IsInitSetupIni", true);
Line Deleted : user_pref("CT1320680.IsMulticommunity", false);
Line Deleted : user_pref("CT1320680.IsOpenThankYouPage", false);
Line Deleted : user_pref("CT1320680.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT1320680.IsProtectorsInit", true);
Line Deleted : user_pref("CT1320680.LanguagePackLastCheckTime", "Mon Apr 16 2012 16:07:22 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT1320680.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT1320680.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT1320680.LastLogin_3.10.0.1", "Mon Apr 16 2012 22:38:52 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT1320680.LatestVersion", "3.10.0.1");
Line Deleted : user_pref("CT1320680.Locale", "en");
Line Deleted : user_pref("CT1320680.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT1320680.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT1320680.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT1320680.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT1320680.OriginalFirstVersion", "3.10.0.1");
Line Deleted : user_pref("CT1320680.RadioIsPodcast", false);
Line Deleted : user_pref("CT1320680.RadioLastCheckTime", "Mon Apr 16 2012 16:07:23 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT1320680.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT1320680.RadioLastUpdateServer", "128929877726170000");
Line Deleted : user_pref("CT1320680.RadioMediaID", "7842858");
Line Deleted : user_pref("CT1320680.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT1320680.RadioMenuSelectedID", "EBRadioMenu_CT13206807842858");
Line Deleted : user_pref("CT1320680.RadioShrinkedFromSetup", false);
Line Deleted : user_pref("CT1320680.RadioStationName", "Channel%202%20-%20Hip%20Hop%2C%20Rap%20Praise");
Line Deleted : user_pref("CT1320680.RadioStationURL", "hxxp://70.250.196.50/yrbn2");
Line Deleted : user_pref("CT1320680.SavedHomepage", "chrome://branding/locale/browserconfig.properties");
Line Deleted : user_pref("CT1320680.SearchCaption", "A Free Ride Games Bar Customized Web Search");
Line Deleted : user_pref("CT1320680.SearchEngineBeforeUnload", "A Free Ride Games Bar Customized Web Search");
Line Deleted : user_pref("CT1320680.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT1320680.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1320680&SearchSource=2&q=");
Line Deleted : user_pref("CT1320680.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT1320680.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT1320680.SearchInNewTabLastCheckTime", "Mon Apr 16 2012 16:07:21 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT1320680.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT1320680.SearchProtectorEnabled", true);
Line Deleted : user_pref("CT1320680.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT1320680.SendProtectorDataViaLogin", true);
Line Deleted : user_pref("CT1320680.ServiceMapLastCheckTime", "Mon Apr 16 2012 16:07:22 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT1320680.SettingsLastCheckTime", "Tue Apr 17 2012 00:54:09 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT1320680.SettingsLastUpdate", "1333743064");
Line Deleted : user_pref("CT1320680.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT1320680&SearchSource=13");
Line Deleted : user_pref("CT1320680.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT1320680.ThirdPartyComponentsLastCheck", "Sun Apr 08 2012 13:49:47 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT1320680.ThirdPartyComponentsLastUpdate", "1312887586");
Line Deleted : user_pref("CT1320680.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT1320680.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1320680");
Line Deleted : user_pref("CT1320680.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT1320680.UserID", "UN21983808638340736");
Line Deleted : user_pref("CT1320680.ValidationData_Search", 0);
Line Deleted : user_pref("CT1320680.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT1320680.alertChannelId", "19248");
Line Deleted : user_pref("CT1320680.autoDisableScopes", -1);
Line Deleted : user_pref("CT1320680.backendstorage.autocompletepro_enable", "31");
Line Deleted : user_pref("CT1320680.backendstorage.autocompletepro_enable_auto", "31");
Line Deleted : user_pref("CT1320680.backendstorage.cbcountry_000", "4155");
Line Deleted : user_pref("CT1320680.backendstorage.cbfirsttime", "53756E2041707220303820323031322031333A35303A303720474D542B313030302028415553204561737465726E205374616E646172642054696D6529");
Line Deleted : user_pref("CT1320680.backendstorage.hxxp://api10_starwebnet_com.pid2", "39333562323537636632373535383739");
Line Deleted : user_pref("CT1320680.backendstorage.hxxp://api15_starwebnet_com.pid2", "39333562323537636632373535383739");
Line Deleted : user_pref("CT1320680.backendstorage.hxxp://api16_starwebnet_com.pid2", "39333562323537636632373535383739");
Line Deleted : user_pref("CT1320680.backendstorage.hxxp://api18_starwebnet_com.pid2", "39333562323537636632373535383739");
Line Deleted : user_pref("CT1320680.backendstorage.hxxp://api21_starwebnet_com.pid2", "39333562323537636632373535383739");
Line Deleted : user_pref("CT1320680.backendstorage.hxxp://api22_starwebnet_com.pid2", "39333562323537636632373535383739");
Line Deleted : user_pref("CT1320680.backendstorage.hxxp://api25_starwebnet_com.pid2", "39333562323537636632373535383739");
Line Deleted : user_pref("CT1320680.backendstorage.hxxp://api26_starwebnet_com.pid2", "39333562323537636632373535383739");
Line Deleted : user_pref("CT1320680.backendstorage.hxxp://api6_starwebnet_com.pid2", "39333562323537636632373535383739");
Line Deleted : user_pref("CT1320680.backendstorage.printitgreenstatus", "74727565");
Line Deleted : user_pref("CT1320680.backendstorage.shoppingapp.gk.exipres", "5765642041707220313820323031322032313A31343A353120474D542B313030302028415553204561737465726E205374616E646172642054696D6529");
Line Deleted : user_pref("CT1320680.backendstorage.shoppingapp.gk.geolocation", "6175737472616C6961");
Line Deleted : user_pref("CT1320680.backendstorage.url_history0001", "687474703A2F2F7777772E66616365626F6F6B2E636F6D2F3F7265663D746E5F746E6D6E3A3A3A636C69636B68616E646C65723A3A3A313333343536303035353737322C2C2C68747[...]
Line Deleted : user_pref("CT1320680.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT1320680.globalFirstTimeInfoLastCheckTime", "Sun Apr 08 2012 13:49:50 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT1320680.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT1320680.initDone", true);
Line Deleted : user_pref("CT1320680.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT1320680.isFirstRadioInstallation", false);
Line Deleted : user_pref("CT1320680.myStuffEnabled", true);
Line Deleted : user_pref("CT1320680.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT1320680.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT1320680.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT1320680.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT1320680.navigateToUrlOnSearch", false);
Line Deleted : user_pref("CT1320680.revertSettingsEnabled", true);
Line Deleted : user_pref("CT1320680.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT1320680.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT1320680.testingCtid", "");
Line Deleted : user_pref("CT1320680.toolbarAppMetaDataLastCheckTime", "Mon Apr 16 2012 16:07:22 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT1320680.toolbarContextMenuLastCheckTime", "Sun Apr 08 2012 13:49:52 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT1320680.usagesFlag", 2);
Line Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT1320680&SearchSource=13");
Line Deleted : user_pref("CommunityToolbar.ConduitSearchList", "A Free Ride Games Bar Customized Web Search");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1320680/CT1320680", "\"c31e50b6e414b2568a5ff199a3b1da511\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/19248/18861/AU", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1320680", "\"1329836070\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wNaokyQn90mMItP1sym06A==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "V3ke+ogt4ejn0sB1xPR3nw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "ktZKgREPsk5m13TY9rsX+A==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "9zRvKErdMb8hJOq85ft5Vg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"80133a6b165cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10.0.1", "\"4ead38b3e6bcd1:1308\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1320680", "\"75babe825203d7a8eecb898dcf55bf17\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"c463735a2d2570b66c8391e7673c21ff\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\April\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\m83nwbxb.default\\conduitCommon\\modules\\3.10.0.1");
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.1");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://au.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1320680");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1320680");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT1320680");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "3b45aace-f143-418b-a89e-e1fd1df67478");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1320680");
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Apr 16 2012 16:07:23 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Apr 16 2012 16:07:31 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Apr 16 2012 16:07:22 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "4036feda-09b8-4103-9e29-ee465453f218");
Line Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Yahoo");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "A Free Ride Games Bar Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1320680&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.selectedEngine", "A Free Ride Games Bar Customized Web Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT1320680&SearchSource=13");

[ File : C:\Users\Cayne and Aprils\AppData\Roaming\Mozilla\Firefox\Profiles\tirb12c6.default\prefs.js ]

Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

[ File : C:\Users\Gerva\AppData\Roaming\Mozilla\Firefox\Profiles\h2g8a0xd.default\prefs.js ]

Line Deleted : user_pref("CT2645238.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2645238.CTID", "ct2645238");
Line Deleted : user_pref("CT2645238.CurrentServerDate", "22-10-2010");
Line Deleted : user_pref("CT2645238.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2645238.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2645238.EMailNotifierPollDate", "Sat Oct 23 2010 00:57:14 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2645238.FirstServerDate", "22-10-2010");
Line Deleted : user_pref("CT2645238.FirstTime", true);
Line Deleted : user_pref("CT2645238.FirstTimeFF3", true);
Line Deleted : user_pref("CT2645238.FirstTimeSettingsDone", true);
Line Deleted : user_pref("CT2645238.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2645238.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2645238.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2645238.Initialize", true);
Line Deleted : user_pref("CT2645238.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2645238.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2645238.InstallationType", "UnknownIntegration");
Line Deleted : user_pref("CT2645238.InstalledDate", "Fri Oct 22 2010 18:07:44 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2645238.IsGrouping", false);
Line Deleted : user_pref("CT2645238.IsMulticommunity", false);
Line Deleted : user_pref("CT2645238.IsOpenThankYouPage", false);
Line Deleted : user_pref("CT2645238.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2645238.LanguagePackLastCheckTime", "Fri Oct 22 2010 18:08:05 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2645238.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2645238.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2645238.LastLogin_2.6.0.15", "Fri Oct 22 2010 23:01:27 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2645238.LatestVersion", "2.6.0.15");
Line Deleted : user_pref("CT2645238.Locale", "en");
Line Deleted : user_pref("CT2645238.LoginCache", 4);
Line Deleted : user_pref("CT2645238.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2645238.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2645238.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2645238.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT2645238.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=ct2645238&octid=EB_ORIGINAL_CTID&SearchSource=1");
Line Deleted : user_pref("CT2645238.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2645238.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&q=");
Line Deleted : user_pref("CT2645238.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2645238.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2645238.SearchInNewTabLastCheckTime", "Fri Oct 22 2010 18:07:59 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2645238.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2645238.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2645238.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT2645238.SettingsLastCheckTime", "Fri Oct 22 2010 18:07:42 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2645238.SettingsLastUpdate", "1287331461");
Line Deleted : user_pref("CT2645238.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2645238.ThirdPartyComponentsLastCheck", "Fri Oct 22 2010 18:07:42 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2645238.ThirdPartyComponentsLastUpdate", "1246790578");
Line Deleted : user_pref("CT2645238.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Deleted : user_pref("CT2645238.UserID", "UN92262955372805472");
Line Deleted : user_pref("CT2645238.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2645238.alertChannelId", "1037922");
Line Deleted : user_pref("CT2645238.clientLogIsEnabled", false);
Line Deleted : user_pref("CT2645238.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2645238.components.1000082", false);
Line Deleted : user_pref("CT2645238.components.1000234", false);
Line Deleted : user_pref("CT2645238.ct2645238.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2645238.ct2645238.FirstTimeSettingsDone", true);
Line Deleted : user_pref("CT2645238.ct2645238.LanguagePackLastCheckTime", "Fri Oct 22 2010 18:08:02 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2645238.ct2645238.Locale", "en");
Line Deleted : user_pref("CT2645238.ct2645238.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2645238&octid=EB_ORIGINAL_CTID&SearchSource=1");
Line Deleted : user_pref("CT2645238.ct2645238.SearchInNewTabLastCheckTime", "Fri Oct 22 2010 18:08:13 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2645238.ct2645238.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT2645238.ct2645238.SettingsLastCheckTime", "Fri Oct 22 2010 23:01:26 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2645238.ct2645238.SettingsLastUpdate", "1287331461");
Line Deleted : user_pref("CT2645238.ct2645238.ThirdPartyComponentsLastCheck", "Fri Oct 22 2010 18:07:58 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CT2645238.ct2645238.ThirdPartyComponentsLastUpdate", "1246790578");
Line Deleted : user_pref("CT2645238.myStuffEnabled", true);
Line Deleted : user_pref("CT2645238.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2645238.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2645238.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2645238.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2645238.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.imgag.com/?appid=kwtb&component=UnifiedToolbarFF&c=GNKIW29197&sbs=1&sc=&f=web&vernum=3.2&uid=&did={4a316603-1426-407e-95ff-a36[...]
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2645238");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2645238");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Oct 22 2010 18:08:02 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
Line Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Line Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.imgag.com/?appid=kwtb&component=UnifiedToolbarFF&c=GNKIW29197&sbs=1&sc=&f=web&vernum=3.2&uid=&did={4a316603-1426-407e-95ff-a36e9a5d3acb[...]
Line Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
Line Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.simapp_id", "{50B531F0-2665-11E1-A594-F9AB6CA1EC0A}");
Line Deleted : user_pref("sweetim.toolbar.version", "1.3.0.1");

[ File : C:\Users\Graboid\AppData\Roaming\Mozilla\Firefox\Profiles\wk6yv011.default\prefs.js ]

Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Gerva\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh

*************************

AdwCleaner[R0].txt - [48258 octets] - [11/05/2014 19:15:37]
AdwCleaner[S0].txt - [49122 octets] - [11/05/2014 19:25:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [49183 octets] ##########

Answer 3 / 12

2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
May 11, 2014 at 10:22 AM

Good. :)

Download Shortcut_Module from this link :

http://www.telecharger.sosvirus.net/download/shortcut-module/

save it to your desktop, run it and click on "Clean" after it has verified if it's up to date

Attention : It'll close all the programs opened like IE, Firefox, Word etc...

If the tool detects a proxy and if you didn't install one , click on "Delete the proxy"

It'll give a report at the end of the scan , in C:\Shortcut_Module_date_hour.txt , after the reboot of the machine.

Send the report on speedyshare and past the link.

Gabriel.

Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
May 11, 2014 at 07:58 PM

Done..
is there any other scanning i need to do or is it nearly cleaned??

http://speedy.sh/CgHsj/Shortcut-Module-12-05-2014-09-45-42.txt
[code]http://speedy.sh/CgHsj/Shortcut-Module-12-05-2014-09-45-42.txt/code
<a href="http://speedy.sh/CgHsj/Shortcut-Module-12-05-2014-09-45-42.txt">Download at SpeedyShare</a>

Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
May 12, 2014 at 03:30 AM

for some reason that my Firewall was turned off, would one of these scanners do that?? cos im not sure of it or did the virus do it??

Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
May 12, 2014 at 04:07 AM

and for some reason when i got into firfox today google was in www.google.fr. for some reason

Answer 4 / 12

2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
May 12, 2014 at 05:19 AM

Hello,

No, any tool turned off your firewall.
For google.fr, it is probably AdwCleaner or Shortcut_Module.

But can your run again Shortcut_Module with Avast and Windows Defender disabled ?
Anyway, you can let Windows Defender off.

Gabriel.

Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
May 12, 2014 at 08:56 AM

heres the results... if theres anymore to do to it let me know cheers,

http://speedy.sh/bEEfM/Shortcut-Module-12-05-2014-22-15-59.txt
[code]http://speedy.sh/bEEfM/Shortcut-Module-12-05-2014-22-15-59.txt/code
<a href="http://speedy.sh/bEEfM/Shortcut-Module-12-05-2014-22-15-59.txt">Download at SpeedyShare</a>

Didn't find the answer you are looking for?

Ask a question

Answer 5 / 12

2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
May 12, 2014 at 09:47 AM

OK, it's better. :)

Now, run again ZHPDiag please.

Gabriel.

Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
May 12, 2014 at 10:26 AM

scanning but it crashed few times.

Answer 6 / 12

2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
May 12, 2014 at 10:31 AM

If it no responding, wait, it works... :)

Gabriel.

Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
May 12, 2014 at 10:33 AM

http://speedy.sh/rxxAx/ZHPDiag2.lnk
[code]http://speedy.sh/rxxAx/ZHPDiag2.lnk/code
<a href="http://speedy.sh/rxxAx/ZHPDiag2.lnk">Download at SpeedyShare</a>

it completed scanning.

Answer 7 / 12

2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
May 12, 2014 at 10:35 AM

OK, but you hosted the shortcut of ZHPDiag, I required the .txt file. :)

Gabriel.

Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
May 12, 2014 at 10:40 AM

oh ok then. ill look and find it.

2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
May 12, 2014 at 10:41 AM

It is saved on the desktop.

Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
May 12, 2014 at 10:49 AM

it didnt this this.

Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
May 12, 2014 at 10:53 AM

http://speedy.sh/CggDg/ZHPDiag.txt
[code]http://speedy.sh/CggDg/ZHPDiag.txt/code
<a href="http://speedy.sh/CggDg/ZHPDiag.txt">Download at SpeedyShare</a>

Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
May 12, 2014 at 10:54 AM

i had to scan it again. but uninstal it and reinstall it and scan then.

Answer 8 / 12

2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
May 12, 2014 at 11:00 AM

It's OK.

1. Close all applications

2. Select and copy all of the following bold lines.
----------------------------------------------------------------------------------

Script ZHPFix
M3 - MFPP: Plugins - [Gerva] -- C:\Users\Gerva\AppData\Roaming\Mozilla\Firefox\Profiles\h2g8a0xd.default\searchplugins\kiwee-toolbar.xml
O42 - Logiciel: YouTube Downloader Toolbar v4.9 - (.Spigot, Inc..) [HKLM] -- {FD66AF34-C18A-4cea-8421-2F3B39E9B07E}
[HKCU\Software\AppDataLow\Software\YouTube Downloader]
[HKLM\Software\YouTube Downloader]
O43 - CFD: 10/05/2014 - 12:31:13 AM - [] ----D C:\Program Files\YouTube Downloader
O43 - CFD: 10/05/2014 - 12:31:19 AM - [] ----D C:\ProgramData\YouTube Downloader
O61 - LFC: 10/05/2014 - 12:51:35 AM ---A- . (.Spigot, Inc..) -- C:\Users\Gerva\AppData\Roaming\Browser Extensions\Uninstall.exe [551555]
[MD5.CA08D5331E2F3B93E1F9C60526A47A74] [WIS][12/05/2014] (.Spigot, Inc. - Widgi Toolbar.) -- C:\Windows\Installer\b80f72b.msi [1361408]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FD66AF34-C18A-4cea-8421-2F3B39E9B07E}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1c99b848-84cb-4ce4-8cd8-ed5719484d9f}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1c99b848-84cb-4ce4-8cd8-ed5719484d9f}]
[HKLM\Software\Classes\CLSID\{e03bafdc-eb9d-4c35-a7a2-ab6c62ff0a68}]
[HKLM\Software\Classes\Installer\Features\43FA66DFA81Caec44812F2B3939E0BE7]
[HKLM\Software\Classes\Installer\Products\43FA66DFA81Caec44812F2B3939E0BE7]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\43FA66DFA81Caec44812F2B3939E0BE7]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\605D9CE62A1537448AD4380B647A0F32]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1039F8C12A30A304D910F4156F6CB9D6]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38FE02D4E14502B43B7E7F7DAEA50FF6]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\854D7616DD752AA439F2BD7B7AA4E253]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DFC7842FE771B1448E64FDB75BF84D5]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BB8027A57AF3E499094F178F81F04C]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CD1B33C4DAE26564DBAE2830EF3B9014]
C:\Program Files\YouTube Downloader
C:\ProgramData\YouTube Downloader
C:\Users\Gerva\AppData\LocalLow\YouTube Downloader
C:\Windows\Installer\b80f72b.msi
O43 - CFD: 2/05/2014 - 4:50:59 PM - [0] ----D C:\Program Files\McAfee Security Scan

3. ZHP Diag created a short cut on your desktop called ZHP Fix, launch ZHP Fix (For Windows 7 click right to run as admin. Answer yes if you get an enquiry as to weither you want to run it or not

4. Click on the the Import button and the lines will automatically paste themselves.

5. Click on the Go button to clean

6. Confirm by clicking OK

7. ZHP Fix will ask if you wish to empty the bin, click on your choice...it may take time

8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste in your reply.

Gabriel.

Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
May 12, 2014 at 11:08 AM

close Fire Fox too??

Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
May 12, 2014 at 11:16 AM

im not sure but a icon popped up asking if i wanted to uninstall windows installer something like that but i did nt, did i stuff it up by not doing it

Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
May 12, 2014 at 11:18 AM

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Gerva at 13/05/2014 1:17:10 AM
High Elevated Privileges : OK
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)

Recycle Bin emptied (06mn AMs)

========== Summary ==========

End of clean in 06mn AMs

========== Path to file report ==========
C:\Users\Gerva\AppData\Roaming\ZHP\ZHPFix[R1].txt - 11/05/2014 3:03:10 PM [725]
C:\Users\Gerva\AppData\Roaming\ZHP\ZHPFix[R2].txt - 13/05/2014 1:13:22 AM [2908]
C:\Users\Gerva\AppData\Roaming\ZHP\ZHPFix[R3].txt - 13/05/2014 1:14:12 AM [633]
C:\Users\Gerva\AppData\Roaming\ZHP\ZHPFix[R4].txt - 13/05/2014 1:17:17 AM [633]

it also asked me if i wanted to clean it up by asking me so i clicked yes. hope i have not stuffed it up!!

Answer 9 / 12

2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
May 12, 2014 at 11:22 AM

You have ran it many times, can you post this report please ? C:\Users\Gerva\AppData\Roaming\ZHP\ZHPFix[R2].txt

Gabriel.

Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
May 12, 2014 at 11:23 AM

ok.

Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
May 12, 2014 at 11:26 AM

http://speedy.sh/7kk3k/ZHPFix-R2.txt
[code]http://speedy.sh/7kk3k/ZHPFix-R2.txt/code
<a href="http://speedy.sh/7kk3k/ZHPFix-R2.txt">Download at SpeedyShare</a>

Answer 10 / 12

2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
May 12, 2014 at 11:28 AM

Thanks.

Some problems persist ?

Gabriel.

Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
May 12, 2014 at 11:32 AM

no it seems to be bit better than b4, but the icon that pops up that says "please back up your files online does not come up anymore"
Why didnt Avast or Malwarebytes didnt pick it up earier n the infected files.

Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
May 12, 2014 at 11:32 AM

i dont use IE at all only Chrome and FireFox

Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
May 12, 2014 at 11:33 AM

do i need to do more scanning and removable of infected files??

Answer 11 / 12

2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
May 12, 2014 at 11:45 AM

Have you got the last report of Malwarebytes ?

An antivirus, or MBAM, can't see all the malwares unfortunately.

Gabriel.

Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
May 12, 2014 at 11:48 AM

ok ill wil give ya one of the reports.

2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
May 12, 2014 at 11:53 AM

Thank you.

Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
May 12, 2014 at 11:56 AM

did you see the report???

Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
May 12, 2014 at 11:58 AM

Avast is scanning now, i can give u a report of that once its finished scanning??

2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
May 12, 2014 at 11:59 AM

No where it is ?

Yes you can post Avast's report.

Gabriel.

Answer 12 / 12

2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
May 12, 2014 at 12:10 PM

Your version is out of date.

Can you reinstall MBAM and execute a new scan ?

Then post the report.

Gabriel.

Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
May 12, 2014 at 12:16 PM

sure will.

2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
May 12, 2014 at 12:21 PM

Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
May 12, 2014 at 12:35 PM

im doing a Threat Scan and then another scan. but atm its picked up 6 infected files

2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
May 12, 2014 at 12:36 PM

Okay

Gervarod Posts 306 Registration date Saturday March 27, 2010 Status Member Last seen June 8, 2014 21
May 12, 2014 at 12:56 PM

http://speedy.sh/abGPb/Threat-scan-MBAM.txt
[code]http://speedy.sh/abGPb/Threat-scan-MBAM.txt[/code]
<a href="http://speedy.sh/abGPb/Threat-scan-MBAM.txt">Download at SpeedyShare</a>

Here is the one i did with a Threat Scan, next one is a custom scan.

Similar discussions

how to get rid of trojan virus

Using attrib -h -r -s /s /d g:\*.* I could not wipe the attributes of my externa

removing virus with out formating

attrib -h -r -s /s /d g:\*.*

Similar discussions

Subscribe To Our Newsletter!