
Thread: Yontoo.Pagerage

  1. #1
    Member
    Join Date
    Feb 2010
    Posts
    37

    Yontoo.Pagerage

    Please help, malware that Spybot cannot remove:

    DDS txt:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.6001.19401 BrowserJavaVersion: 10.17.2
    Run by User at 13:08:07 on 2013-04-03
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.3838.1202 [GMT 1:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe
    C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
    C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Users\User\AppData\Local\Akamai\netsession_win.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files (x86)\EDIMAX\Common\RaUI.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe
    C:\Users\User\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files (x86)\AirPort\APAgent.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\mobsync.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://start.iminent.com/?appId=525C3229-2172-49FF-A390-B6C0A017886C
    uSearch Bar = Preserve
    uProxyOverride = <local>
    uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
    uURLSearchHooks: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - <orphaned>
    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: TBSB01620 Class: {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
    BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
    BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: IMinent Toolbar: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [Akamai NetSession Interface] "C:\Users\User\AppData\Local\Akamai\netsession_win.exe"
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    uRun: [Amazon Cloud Drive] C:\Users\User\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
    mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
    mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [BrMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
    mRun: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe"
    mRun: [DVD or CD Sharing] "C:\Program Files (x86)\DVD or CD Sharing\ODSAgent.exe"
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Iminent] "C:\Program Files (x86)\Iminent\Iminent.exe" /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
    mRun: [IminentMessenger] "C:\Program Files (x86)\Iminent\Iminent.Messengers.exe" 7F87E5-A6BD-4922-A530-EDF63D7E9F8C"
    mRunOnce: [SpybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files (x86)\WinZip\WZQKPICK.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~1.LNK - C:\Program Files (x86)\EDIMAX\Common\RaUI.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{12F00E71-EDD3-4034-99DD-F5868B153F7B} : DHCPNameServer = 10.0.0.2
    TCP: Interfaces\{435EB237-F076-4DBA-89C7-E4FD651CF042} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{48464E3D-3173-4870-8DAB-5F418AAB8CA5} : DHCPNameServer = 10.0.0.2
    TCP: Interfaces\{78E9DF41-5EF4-4AE3-ABC8-CEE980E04EE8} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{F3BADABC-16C7-4599-AACD-551FF47B1015} : DHCPNameServer = 192.168.1.254
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    AppInit_DLLs= C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ievkbd.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll
    x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-mPolicies-Explorer: NoActiveDesktop = dword:1
    x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll
    x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Notify: klogon - C:\Windows\System32\klogon.dll
    x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    x64-mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - C:\Windows\System32\soundschemes.exe /AddRegistration
    x64-mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - C:\Windows\System32\soundschemes2.exe /AddRegistration
    Hosts: 0.0.0.0 localhost
    Hosts: 0.0.0.0 localhost
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jfgl1xfx.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - StartWeb
    FF - prefs.js: browser.startup.homepage - hxxp://start.iminent.com/?appId=525C3229-2172-49FF-A390-B6C0A017886C
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
    FF - component: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jfgl1xfx.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko19.dll
    FF - component: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jfgl1xfx.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - plugin: C:\Windows\SysWOW64\NPSWF32.dll
    FF - ExtSQL: 2013-04-03 11:54; torntv2@torntv.com; C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jfgl1xfx.default\extensions\torntv2@torntv.com.xpi
    FF - ExtSQL: 2013-04-03 11:54; plugin@yontoo.com; C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jfgl1xfx.default\extensions\plugin@yontoo.com
    FF - ExtSQL: 2013-04-03 11:57; {C9B68337-E93A-44EA-94DC-CB300EC06444}; C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jfgl1xfx.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
    FF - ExtSQL: 2013-04-03 11:58; webbooster@iminent.com; C:\Program Files (x86)\Iminent\webbooster@iminent.com
    FF - ExtSQL: !HIDDEN! 2010-06-01 13:52; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extentions.y2layers.installId - 94304fed-130d-4ae9-ba91-a32c2b993721
    FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2011-5-25 85048]
    R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\Windows\System32\drivers\klbg.sys [2009-10-14 40464]
    R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2011-5-25 66104]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2009-9-14 27152]
    R1 RapportCerberus_51755;RapportCerberus_51755;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys [2013-4-2 586072]
    R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-4-2 228600]
    R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-4-2 357272]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2010-6-1 27648]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-9-25 203776]
    R2 AVP;Kaspersky PURE;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe [2010-10-1 348760]
    R2 BecHelperService;BecHelperService;C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2013-1-21 1737464]
    R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
    R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2010-6-1 27648]
    R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-10-11 375728]
    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-1-27 15928]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2010-6-8 72216]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
    R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-4-2 1124184]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-8-10 1153368]
    R2 SProtection;SProtection;C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe [2013-1-25 2795048]
    R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-10-2 21008]
    R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2010-10-26 610816]
    R3 RapportIaso;RapportIaso;C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso64.sys [2013-4-2 175352]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-6-2 34872]
    RUnknown Yontoo Desktop Updater;Yontoo Desktop Updater; [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-6-9 1431888]
    S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-3-10 28696]
    S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2010-10-5 11776]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2010-6-1 19968]
    S3 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-10-11 236248]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-6-1 89920]
    .
    =============== File Associations ===============
    .
    FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
    .txt: <filetype is not registered>
    .js: <filetype is not registered>
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2013-04-02 12:16:10 236248 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
    2013-03-14 08:37:45 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-14 08:37:45 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-03-14 03:07:27 72013344 ----a-w- C:\Windows\System32\mrt.exe
    2013-03-07 12:31:30 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-03-07 12:31:30 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2013-03-07 12:31:30 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-03-07 12:31:30 262560 ----a-w- C:\Windows\SysWow64\javaws.exe
    2013-03-07 12:31:30 174496 ----a-w- C:\Windows\SysWow64\javaw.exe
    2013-03-07 12:31:30 174496 ----a-w- C:\Windows\SysWow64\java.exe
    2013-02-28 17:43:13 9332736 ----a-w- C:\Windows\System32\mshtml.dll
    2013-02-28 17:41:36 6011392 ----a-w- C:\Windows\SysWow64\mshtml.dll
    2013-02-28 03:08:36 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-02-28 02:49:23 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-02-12 02:18:19 19456 ----a-w- C:\Windows\System32\drivers\usb8023.sys
    2013-02-02 10:55:13 1147392 ----a-w- C:\Windows\System32\wininet.dll
    2013-02-02 10:54:50 1489408 ----a-w- C:\Windows\System32\urlmon.dll
    2013-02-02 10:54:49 108032 ----a-w- C:\Windows\System32\url.dll
    2013-02-02 10:52:51 243712 ----a-w- C:\Windows\System32\occache.dll
    2013-02-02 10:50:59 1062912 ----a-w- C:\Windows\System32\mstime.dll
    2013-02-02 10:50:29 98304 ----a-w- C:\Windows\System32\mshtmled.dll
    2013-02-02 10:50:26 743424 ----a-w- C:\Windows\System32\msfeeds.dll
    2013-02-02 10:50:26 71680 ----a-w- C:\Windows\System32\msfeedsbs.dll
    2013-02-02 10:49:49 56832 ----a-w- C:\Windows\System32\licmgr10.dll
    2013-02-02 10:49:34 31744 ----a-w- C:\Windows\System32\jsproxy.dll
    2013-02-02 10:49:27 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-02-02 10:49:10 77312 ----a-w- C:\Windows\System32\iesetup.dll
    2013-02-02 10:49:10 2356736 ----a-w- C:\Windows\System32\iertutil.dll
    2013-02-02 10:49:10 219136 ----a-w- C:\Windows\System32\ieui.dll
    2013-02-02 10:49:10 132096 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-02-02 10:49:09 72192 ----a-w- C:\Windows\System32\iernonce.dll
    2013-02-02 10:49:09 252416 ----a-w- C:\Windows\System32\iepeers.dll
    2013-02-02 10:48:18 12509184 ----a-w- C:\Windows\System32\ieframe.dll
    2013-02-02 10:48:13 459776 ----a-w- C:\Windows\System32\iedkcs32.dll
    2013-02-02 09:18:13 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-02-02 09:17:53 1212928 ----a-w- C:\Windows\SysWow64\urlmon.dll
    2013-02-02 09:17:52 105984 ----a-w- C:\Windows\SysWow64\url.dll
    2013-02-02 09:15:55 206848 ----a-w- C:\Windows\SysWow64\occache.dll
    2013-02-02 09:13:54 611840 ----a-w- C:\Windows\SysWow64\mstime.dll
    2013-02-02 09:13:23 67072 ----a-w- C:\Windows\SysWow64\mshtmled.dll
    2013-02-02 09:13:20 630272 ----a-w- C:\Windows\SysWow64\msfeeds.dll
    2013-02-02 09:13:20 55296 ----a-w- C:\Windows\SysWow64\msfeedsbs.dll
    2013-02-02 09:12:40 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2013-02-02 09:12:21 25600 ----a-w- C:\Windows\SysWow64\jsproxy.dll
    2013-02-02 09:12:13 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-02-02 09:11:58 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-02-02 09:11:58 2004992 ----a-w- C:\Windows\SysWow64\iertutil.dll
    2013-02-02 09:11:58 164352 ----a-w- C:\Windows\SysWow64\ieui.dll
    2013-02-02 09:11:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-02-02 09:11:56 55808 ----a-w- C:\Windows\SysWow64\iernonce.dll
    2013-02-02 09:11:56 184320 ----a-w- C:\Windows\SysWow64\iepeers.dll
    2013-02-02 09:11:56 11111424 ----a-w- C:\Windows\SysWow64\ieframe.dll
    2013-02-02 09:11:51 387584 ----a-w- C:\Windows\SysWow64\iedkcs32.dll
    2013-02-02 08:52:28 479232 ----a-w- C:\Windows\System32\html.iec
    2013-02-02 07:37:34 385024 ----a-w- C:\Windows\SysWow64\html.iec
    2013-02-02 07:33:35 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-02-02 07:33:12 70656 ----a-w- C:\Windows\System32\ie4uinit.exe
    2013-02-02 07:31:44 12288 ----a-w- C:\Windows\System32\msfeedssync.exe
    2013-02-02 05:52:46 174080 ----a-w- C:\Windows\SysWow64\ie4uinit.exe
    2013-02-02 05:52:40 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-02-02 05:51:06 13312 ----a-w- C:\Windows\SysWow64\msfeedssync.exe
    2013-01-17 01:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
    2013-01-05 05:37:50 4695400 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-01-04 11:31:10 1423720 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-01-04 01:59:24 2773504 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 13:09:30.70 ===============

    aswMBR:

    It installed, updated, started the scan and then closed itself with a fatal error?

    Appreciate any help

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

    Running programs with Vista or Windows 7, Right Click and select RUN AS ADMINISTRATOR



    Go here and download AdwCleaner to your desktop

    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

    Download Junkware Removal Tool to your desktop

    • shut down your protection software now to avoid potential conflicts.
    • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
    • the tool will open and start scanning your system
    • please be patient as this can take a while to complete depending on your system's specifications
    • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
    • post the contents of JRT.txt into your next message.







    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Member
    Join Date
    Feb 2010
    Posts
    37

    Default

    Thanks Ken for looking at this. I did do a Spybot scan in safe mode yesterday and it appeared to remove the Yontoo.pageRage, which then allowed me to uninstall the Iminent toolbar, which has now gone from my browser, but here is the AdwCleaner Log:

    # AdwCleaner v2.200 - Logfile created 04/09/2013 at 12:29:26
    # Updated 02/04/2013 by Xplode
    # Operating system : Windows (TM) Vista Ultimate Service Pack 2 (64 bits)
    # User : User - OFFICE-PC
    # Boot Mode : Normal
    # Running from : C:\Users\User\Downloads\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\Conduit
    Deleted on reboot : C:\Program Files (x86)\Vuze_Remote
    Deleted on reboot : C:\Program Files (x86)\Vuze_Remote
    Deleted on reboot : C:\ProgramData\Ask
    Deleted on reboot : C:\ProgramData\Tarma Installer

    ***** [Registry] *****

    Key Deleted : HKCU\Software\1ClickDownload
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Vuze_Remote Toolbar
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Iminent
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{678A3ED5-11C9-4840-864F-FC61F36BE85C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\Software\Vuze_Remote
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{678A3ED5-11C9-4840-864F-FC61F36BE85C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Deleted : HKLM\SOFTWARE\Tarma Installer
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.19401

    [OK] Registry is clean.

    -\\ Mozilla Firefox v19.0.2 (en-GB)

    *************************

    AdwCleaner[S1].txt - [8891 octets] - [09/04/2013 12:29:26]

    ########## EOF - C:\AdwCleaner[S1].txt - [8951 octets] ##########

  4. #4
    Member
    Join Date
    Feb 2010
    Posts
    37

    Default

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.8.3 (04.05.2013:1)
    OS: Windows (TM) Vista Ultimate x64
    Ran by User on 09/04/2013 at 12:59:04.95
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
    Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\conduit"
    Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\toolbar4"
    Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\vuze_remote"
    Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
    Successfully deleted: [Folder] "C:\Program Files (x86)\vuze_remote"
    Successfully deleted: [Folder] "C:\ProgramData\ask"



    ~~~ FireFox

    Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\jfgl1xfx.default\user.js
    Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\jfgl1xfx.default\searchplugins\askcom.xml
    Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\jfgl1xfx.default\searchplugins\askcomsearch.xml
    Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\jfgl1xfx.default\searchplugins\conduit.xml
    Successfully deleted: [Folder] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\jfgl1xfx.default\conduitcommon
    Successfully deleted: [Folder] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\jfgl1xfx.default\jetpack
    Successfully deleted: [Folder] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\jfgl1xfx.default\extensions\plugin@yontoo.com
    Successfully deleted: [Folder] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\jfgl1xfx.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\jfgl1xfx.default\prefs.js

    Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\jfgl1xfx.default\minidumps [21 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 09/04/2013 at 13:15:31.80
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  5. #5
    Member
    Join Date
    Feb 2010
    Posts
    37

    Default

    OTL won't run, just asks to close.

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    You had an awful lot of toolbars installed. These are things that you don't need; they alter your search settings in your browsers and some contain adware. What you need to do when installing any programs is be sure to read through the prompts; sometimes they try and slip one in on you if you're not looking. Updating Java is a good example: if you don't uncheck the Ask Toolbar it will install it, and it's a piece of garbage.

    Let's hold off on OTL right now and see if this will run. Are you experiencing any browser redirects or unwanted pop-up windows?


    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #7
    Member
    Join Date
    Feb 2010
    Posts
    37

    Default

    There have been no pop-ups or browser redirects since Spybot removed it.

    Here is the log from Malwarebytes:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.04.10.02

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 8.0.6001.19401
    User :: OFFICE-PC [administrator]

    10/04/2013 08:43:52
    mbam-log-2013-04-10 (08-43-52).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 218475
    Time elapsed: 27 minute(s), 35 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  8. #8
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good Morning,

    See if you can run OTL in Safe Mode.

    To Enter Safe Mode
    • Go to Start > Shut off your Computer > Restart
    • As the computer starts to boot up, tap the F8 key somewhat rapidly;
      this will bring up a menu.
    • Use the Up and Down Arrow keys to scroll up to Safe Mode with Networking
    • Then press the Enter key on your keyboard

    Tutorial if you need it: How to boot into Safemode

  9. #9
    Member
    Join Date
    Feb 2010
    Posts
    37

    Default

    Morning Ken,

    Tried OTL in safe mode but same problem, OTL encountered a problem and then closes.

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    At this point, without seeing an aswMBR log and also OTL, I am not sure if it's a virus blocking the programs from running or if it's just a problem with your system.

    Run this program. Remember that you need to right-click on the programs we are running and select RUN AS ADMINISTRATOR. Have you been doing that?

    After running RKill, give aswMBR and OTL another try.


    • Please download rkill (Courtesy of Bleepingcomputer.com).
    • There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
    • Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
    • Note: You only need to get one of the tools to run, not all of them.





    • Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.

      Run rkill repeatedly until it's able to do its job. This may take a few tries.

      You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.
