Here are my Logs for Found PUP Bundle: Help!

Discussion in 'Malware Help (A Specialist Will Reply)' started by harvastmoon, Jan 15, 2013.

  1. harvastmoon

    harvastmoon Private E-2

    Just ran Malwarebytes and it found 3 different instances of PUP Bundle Installer, so I am following the thread on posting logs so someone can help me remove it properly and perhaps see if there is anymore crap that I don't know about! :cry

    I will post the logs soon as I have run them all.
     
  2. harvastmoon

    harvastmoon Private E-2

    I have attached all of the logs here.
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.

    Now tell me how things are.
     
  4. harvastmoon

    harvastmoon Private E-2

    Thank you, I have posted the Log results below... looks like there was a lot of junk that needed to be removed.
    Is there anything else I should do now besides reboot (because I just turned on the UAC)?

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.4.3 (01.15.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by Andy on Thu 01/17/2013 at 15:32:06.17
    Blog: http://thisisudax.blogspot.com
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    ~~~ Services

    ~~~ Registry Values

    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{687578b9-7132-4a7a-80e4-30ee31099e03}
    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{687578b9-7132-4a7a-80e4-30ee31099e03}
    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{98889811-442d-49dd-99d7-dc866be87dbc}
    Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
    Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
    Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
    Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
    Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
    Successfully repaired: [Registry Value] hkey_users\S-1-5-21-4082694535-2020191331-2730137117-1000\software\microsoft\internet explorer\main\\Start Page

    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_classes_root\appid\babylonhelper.exe
    Successfully deleted: [Registry Key] hkey_classes_root\appid\babyloniepi.dll
    Successfully deleted: [Registry Key] hkey_classes_root\appid\babylontc.exe
    Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload
    Successfully deleted: [Registry Key] hkey_current_user\software\babylon
    Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
    Successfully deleted: [Registry Key] hkey_current_user\software\babylontoolbar
    Successfully deleted: [Registry Key] hkey_local_machine\software\babylontoolbar
    Successfully deleted: [Registry Key] hkey_current_user\software\conduit
    Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
    Successfully deleted: [Registry Key] hkey_local_machine\software\freeze.com
    Successfully deleted: [Registry Key] hkey_local_machine\software\iminent
    Successfully deleted: [Registry Key] hkey_current_user\software\softonic
    Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
    Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\menuext\translate this web page with babylon
    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\menuext\translate with babylon
    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\office\powerpoint\addins\babylonofficeaddin.officeaddin
    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\office\word\addins\babylonofficeaddin.officeaddin
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\dnu.exe
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdate
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdater.downloaduibrowser
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdater.downloaduibrowser.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdater.downloadupdcontroller
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdater.downloadupdcontroller.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasapi32
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasmancs
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
    Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasapi32
    Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasmancs
    Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3072253
    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{687578b9-7132-4a7a-80e4-30ee31099e03}

    ~~~ Files

    Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
    Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
    Successfully deleted: [File] "C:\Users\Andy *\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\babylon.lnk"
    Successfully deleted: [File] "C:\Windows\couponprinter.ocx"

    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\babylon"
    Successfully deleted: [Folder] "C:\ProgramData\partner"
    Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
    Successfully deleted: [Folder] "C:\Users\Andy *\AppData\Roaming\babylon"
    Successfully deleted: [Folder] "C:\Users\Andy *\AppData\Roaming\opencandy"
    Successfully deleted: [Folder] "C:\Users\Andy *\appdata\local\babylon"
    Successfully deleted: [Folder] "C:\Users\Andy *\appdata\local\conduit"
    Successfully deleted: [Folder] "C:\Users\Andy *\appdata\locallow\conduit"
    Successfully deleted: [Folder] "C:\Users\Andy *\appdata\locallow\toolbar4"
    Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
    Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
    Successfully deleted: [Folder] "C:\Program Files (x86)\free offers from freeze.com"
    Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\software update utility"
    Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\babylon"

    ~~~ FireFox

    Successfully deleted: [File] C:\user.js
    Successfully deleted: [File] C:\Users\Andy *\AppData\Roaming\mozilla\firefox\profiles\bp78we79.default\user.js
    Successfully deleted: [File] C:\Users\Andy *\AppData\Roaming\mozilla\firefox\profiles\bp78we79.default\searchplugins\conduit.xml
    Successfully deleted: [File] C:\Users\Andy *\AppData\Roaming\mozilla\firefox\profiles\bp78we79.default\searchplugins\my-homepage.xml
    Successfully deleted: [Folder] C:\Users\Andy *\AppData\Roaming\mozilla\firefox\profiles\bp78we79.default\conduitcommon
    Successfully deleted: [Folder] C:\Users\Andy *\AppData\Roaming\mozilla\firefox\profiles\bp78we79.default\extensions\oneclickdownload@oneclickdownload.com
    Successfully deleted: [Folder] C:\Users\Andy *\AppData\Roaming\mozilla\firefox\profiles\bp78we79.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    Successfully deleted the following from C:\Users\Andy *\AppData\Roaming\mozilla\firefox\profiles\bp78we79.default\prefs.js

    user_pref("CT3072253..clientLogIsEnabled", false);
    user_pref("CT3072253..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
    user_pref("CT3072253..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
    user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
    user_pref("CT3072253.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");
    user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);
    user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);
    user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);
    user_pref("CT3072253.CTID", "CT3072253");
    user_pref("CT3072253.CurrentServerDate", "1-9-2012");
    user_pref("CT3072253.DSInstall", true);
    user_pref("CT3072253.DialogsAlignMode", "LTR");
    user_pref("CT3072253.DialogsGetterLastCheckTime", "Sat Sep 01 2012 16:17:41 GMT-0400 (Eastern Daylight Time)");
    user_pref("CT3072253.DownloadReferralCookieData", "");
    user_pref("CT3072253.FirstServerDate", "17-7-2012");
    user_pref("CT3072253.FirstTime", true);
    user_pref("CT3072253.FirstTimeFF3", true);
    user_pref("CT3072253.FirstTimeHiddenVer", true);
    user_pref("CT3072253.FixPageNotFoundErrors", true);
    user_pref("CT3072253.GroupingServerCheckInterval", 1440);
    user_pref("CT3072253.GroupingServiceUrl", "http://grouping.services.conduit.com/");
    user_pref("CT3072253.HPInstall", true);
    user_pref("CT3072253.HasUserGlobalKeys", true);
    user_pref("CT3072253.HomePageProtectorEnabled", true);
    user_pref("CT3072253.HomepageBeforeUnload", "http://search.conduit.com/?ctid=CT3072253&SearchSource=13");
    user_pref("CT3072253.Initialize", true);
    user_pref("CT3072253.InitializeCommonPrefs", true);
    user_pref("CT3072253.InstallationAndCookieDataSentCount", 3);
    user_pref("CT3072253.InstallationId", "fft9EA8.tmp.exe");
    user_pref("CT3072253.InstallationType", "XPE");
    user_pref("CT3072253.InstalledDate", "Tue Jul 17 2012 14:46:11 GMT-0400 (Eastern Daylight Time)");
    user_pref("CT3072253.IsAlertDBUpdated", true);
    user_pref("CT3072253.IsGrouping", false);
    user_pref("CT3072253.IsInitSetupIni", true);
    user_pref("CT3072253.IsMulticommunity", false);
    user_pref("CT3072253.IsOpenThankYouPage", true);
    user_pref("CT3072253.IsOpenUninstallPage", false);
    user_pref("CT3072253.IsProtectorsInit", true);
    user_pref("CT3072253.LanguagePackLastCheckTime", "Sat Sep 01 2012 16:17:40 GMT-0400 (Eastern Daylight Time)");
    user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);
    user_pref("CT3072253.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");
    user_pref("CT3072253.LastLogin_3.13.0.6", "Sun Aug 19 2012 17:48:07 GMT-0400 (Eastern Daylight Time)");
    user_pref("CT3072253.LastLogin_3.14.1.0", "Sat Sep 01 2012 16:17:41 GMT-0400 (Eastern Daylight Time)");
    user_pref("CT3072253.LatestVersion", "3.14.1.0");
    user_pref("CT3072253.Locale", "en");
    user_pref("CT3072253.MCDetectTooltipHeight", "83");
    user_pref("CT3072253.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
    user_pref("CT3072253.MCDetectTooltipWidth", "295");
    user_pref("CT3072253.MyStuffEnabledAtInstallation", false);
    user_pref("CT3072253.OriginalFirstVersion", "3.13.0.6");
    user_pref("CT3072253.SavedHomepage", "chrome://branding/locale/browserconfig.properties");
    user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");
    user_pref("CT3072253.SearchEngineBeforeUnload", "uTorrentControl2 Customized Web Search");
    user_pref("CT3072253.SearchFromAddressBarIsInit", true);
    user_pref("CT3072253.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=");
    user_pref("CT3072253.SearchInNewTabEnabled", true);
    user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);
    user_pref("CT3072253.SearchInNewTabLastCheckTime", "Sat Sep 01 2012 16:17:42 GMT-0400 (Eastern Daylight Time)");
    user_pref("CT3072253.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
    user_pref("CT3072253.SearchProtectorEnabled", true);
    user_pref("CT3072253.SearchProtectorToolbarDisabled", false);
    user_pref("CT3072253.SendProtectorDataViaLogin", true);
    user_pref("CT3072253.ServiceMapLastCheckTime", "Sat Sep 01 2012 16:17:40 GMT-0400 (Eastern Daylight Time)");
    user_pref("CT3072253.SettingsLastCheckTime", "Sat Sep 01 2012 16:17:40 GMT-0400 (Eastern Daylight Time)");
    user_pref("CT3072253.SettingsLastUpdate", "1346235632");
    user_pref("CT3072253.TBHomePageUrl", "http://search.conduit.com/?ctid=CT3072253&SearchSource=13");
    user_pref("CT3072253.ThirdPartyComponentsInterval", 504);
    user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Sun Aug 19 2012 17:48:06 GMT-0400 (Eastern Daylight Time)");
    user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1331805997");
    user_pref("CT3072253.ToolbarShrinkedFromSetup", false);
    user_pref("CT3072253.TrusteLinkUrl", "http://trust.conduit.com/CT3072253");
    user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
    user_pref("CT3072253.UserID", "UN87104961991566855");
    user_pref("CT3072253.alertChannelId", "1463702");
    user_pref("CT3072253.autoDisableScopes", -1);
    user_pref("CT3072253.backendstorage.cb_user_id_000", "43423835313334353135373237385F46697265666F78");
    user_pref("CT3072253.backendstorage.cbcountry_001", "5553");
    user_pref("CT3072253.backendstorage.cbfirsttime", "547565204A756C20313720323031322031343A34363A313320474D542D3034303020284561737465726E204461796C696768742054696D6529");
    user_pref("CT3072253.backendstorage.url_history0001", "687474703A2F2F627269636B732E636F75706F6E732E636F6D2F53746172742E6173703F62743D76692674716E6D3D78667470626C61393139383739
    user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
    user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Sat Sep 01 2012 16:17:41 GMT-0400 (Eastern Daylight Time)");
    user_pref("CT3072253.homepageProtectorEnableByLogin", true);
    user_pref("CT3072253.initDone", true);
    user_pref("CT3072253.isAppTrackingManagerOn", false);
    user_pref("CT3072253.myStuffEnabled", true);
    user_pref("CT3072253.myStuffPublihserMinWidth", 400);
    user_pref("CT3072253.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
    user_pref("CT3072253.myStuffServiceIntervalMM", 1440);
    user_pref("CT3072253.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
    user_pref("CT3072253.navigateToUrlOnSearch", false);
    user_pref("CT3072253.oldAppsList", "129295695672325902,129571859753931591,111,129593762370823811,129805375651312503,129749445881800338,129573915102477663,1000080,1000515,1000,
    user_pref("CT3072253.revertSettingsEnabled", false);
    user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);
    user_pref("CT3072253.searchProtectorEnableByLogin", true);
    user_pref("CT3072253.testingCtid", "");
    user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Sat Sep 01 2012 16:17:41 GMT-0400 (Eastern Daylight Time)");
    user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Sun Aug 19 2012 17:48:07 GMT-0400 (Eastern Daylight Time)");
    user_pref("CT3072253.usagesFlag", 2);
    user_pref("CommunityToolbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT3072253&SearchSource=13");
    user_pref("CommunityToolbar.ConduitSearchList", "uTorrentControl2 Customized Web Search");
    user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253", "\"acd015a932c2eb1d4322e9bb7055cd912\"");
    user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", "\"1336063965\"");
    user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "C5ZJe6gL80JBW5CuLy+wkg==");
    user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "2E1/v7EfCEDbv3VaBQMELg==");
    user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "UgzXjW7BIkfdx+x39Ruv3w==");
    user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "4BgM4MhF/sOgPsDNmIs3Yw==");
    user_pref("CommunityToolbar.ETag.http://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");
    user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0e0a4327275cd1:0\"");
    user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:151d\"");
    user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253", "\"c912886ea3ba021d3a9ef2d6ad700899\"");
    user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=en", "\"dfed7e16778403291867fc5515fa7d93\"");
    user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Andy *\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\bp78we79.default\\conduitCommon\\modules\\3.14.1.0")
    user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");
    user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
    user_pref("CommunityToolbar.ToolbarsList", "CT3072253");
    user_pref("CommunityToolbar.ToolbarsList2", "CT3072253");
    user_pref("CommunityToolbar.ToolbarsList4", "CT3072253");
    user_pref("CommunityToolbar.globalUserId", "f44be36e-3c9a-42c3-aa20-492a2b411750");
    user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
    user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
    user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
    user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Sep 01 2012 16:17:43 GMT-0400 (Eastern Daylight Time)");
    user_pref("CommunityToolbar.notifications.alertEnabled", false);
    user_pref("CommunityToolbar.notifications.clientsServerUrl", "http://alert.client.conduit.com");
    user_pref("CommunityToolbar.notifications.locale", "en");
    user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
    user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Sep 01 2012 16:17:42 GMT-0400 (Eastern Daylight Time)");
    user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
    user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
    user_pref("CommunityToolbar.notifications.servicesServerUrl", "http://alert.services.conduit.com");
    user_pref("CommunityToolbar.notifications.showTrayIcon", false);
    user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
    user_pref("CommunityToolbar.notifications.userId", "debfab77-1dcd-472e-b599-1e370010da9c");
    user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
    user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
    user_pref("browser.search.defaultthis.engineName", "uTorrentControl2 Customized Web Search");
    user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}");
    user_pref("browser.startup.homepage", "http://www.amazon.com/websearch/ref=bit_bds-p18_serp_ff_us_display?ie=UTF8&tagbase=bds-p18&tbrId=v1_abb-channel-18_9ca33d2c4ff849bc9c0d1
    user_pref("keyword.URL", "http://www.amazon.com/websearch/ref=bit_bds-p18_serp_ff_us_display?ie=UTF8&tag=bds-p18-serp-us-ff-20&tagbase=bds-p18&tbrId=v1_abb-channel-18_9ca33d2c
    Emptied folder: C:\Users\Andy *\AppData\Roaming\mozilla\firefox\profiles\bp78we79.default\minidumps [5 files]

    ~~~ Chrome

    Successfully deleted: [Folder] C:\Users\Andy *\appdata\local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
    Successfully deleted: [Folder] C:\Users\Andy *\appdata\local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
    Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\dhkplhfnhceodhffomolpfigojocbpcb
    Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\pmlghpafmmnmmkjdhacccolfgnkiboco

    ~~~ Event Viewer Logs were cleared

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 01/17/2013 at 15:38:19.43
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
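The log above shows what one bundled toolbar leaves behind: the same CLSID {687578b9-...} registered as an IE toolbar, a URLSearchHook, a Browser Helper Object and a Firefox extension folder, plus prefs.js entries that point address-bar search and the start page at third-party hosts. The script below is an added example for triaging such a log offline; it is not part of this thread and not JRT's own code. It parses the "Successfully deleted/repaired" lines, pivots on GUIDs that recur across registration points, and flags the Firefox search/homepage prefs whose host is not on an analyst-supplied allowlist. The embedded sample is a constructed, shortened excerpt of the posted log (user path abbreviated to C:\Users\Andy); the location labels and the `expected_hosts` allowlist are my own assumptions, not JRT rules.

```python
"""Triage a Junkware Removal Tool (JRT) log offline: count what was removed,
pivot on GUIDs that recur across browser registration points, and flag Firefox
prefs that redirect search or the start page. Added example, not JRT code."""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed excerpt modelled on the log posted in the thread (shortened; the
# user profile path is abbreviated to C:\Users\Andy). Not the complete log.
SAMPLE_LOG = r"""
~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}

~~~ Files

Successfully deleted: [File] "C:\Windows\couponprinter.ocx"

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Andy\AppData\Roaming\mozilla\firefox\profiles\bp78we79.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
Successfully deleted the following from C:\Users\Andy\AppData\Roaming\mozilla\firefox\profiles\bp78we79.default\prefs.js

user_pref("CT3072253.SearchProtectorEnabled", true);
user_pref("CommunityToolbar.ToolbarsList", "CT3072253");
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}");
user_pref("browser.startup.homepage", "http://www.amazon.com/websearch/ref=bit_bds-p18_serp_ff_us_display?ie=UTF8&tagbase=bds-p18");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=");
"""

ACTION_RE = re.compile(r'^Successfully (deleted|repaired): \[(.+?)\] "?(.+?)"?$')
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+?)\);?$')
GUID_RE = re.compile(r'\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}', re.I)

# Firefox prefs that decide where address-bar searches and the start page go.
TARGET_PREFS = ("browser.search.defaulturl", "browser.startup.homepage", "keyword.URL")

# Registration points a browser component can be wired into (labels are my own);
# the needle is matched against the lower-cased registry or file path.
LOCATIONS = (("browser helper objects", "BHO"), ("urlsearchhooks", "URLSearchHook"),
             ("\\toolbar\\", "IE Toolbar"), ("searchscopes", "IE SearchScope"),
             ("\\clsid\\", "CLSID"), ("\\extensions\\", "Firefox extension"))


def parse_jrt_log(text):
    """Return (actions, prefs): actions is a list of (action, kind, target) from
    'Successfully deleted/repaired' lines; prefs maps pref name -> raw value for
    the user_pref lines JRT reports as removed from prefs.js."""
    actions, prefs = [], {}
    for line in text.splitlines():
        line = line.strip()
        if m := ACTION_RE.match(line):
            actions.append((m.group(1), m.group(2), m.group(3)))
        elif m := PREF_RE.match(line):
            prefs[m.group(1)] = m.group(2)
    return actions, prefs


def location_of(target):
    low = target.lower()
    for needle, name in LOCATIONS:
        if needle in low:
            return name
    return "other"


def pivot_on_guids(actions):
    """Map each GUID to the set of places it was registered. One GUID under CLSID,
    BHO, IE Toolbar, URLSearchHook and a Firefox extensions folder is a single
    component hooked into the browser several ways; all of them must go together."""
    seen = defaultdict(set)
    for _, _, target in actions:
        for guid in GUID_RE.findall(target):
            seen[guid.lower()].add(location_of(target))
    return dict(seen)


def flag_hijacked_prefs(prefs, expected_hosts=("google.com", "bing.com", "mozilla.org")):
    """Return ({pref: host}, [toolbar ids]). A search/homepage pref whose URL host is
    not in the analyst-supplied expected_hosts allowlist (an assumption here, not a
    JRT rule) is reported; CTnnnnnnn.* pref namespaces identify the Conduit toolbar
    instance that wrote them."""
    hijacked = {}
    for pref in TARGET_PREFS:
        raw = prefs.get(pref)
        if raw is None:
            continue
        host = urlparse(raw.strip('"')).hostname or ""
        if host and not any(host == h or host.endswith("." + h) for h in expected_hosts):
            hijacked[pref] = host
    toolbar_ids = sorted({p.split(".", 1)[0] for p in prefs if re.match(r"CT\d+\.", p)})
    return hijacked, toolbar_ids


def triage(text):
    actions, prefs = parse_jrt_log(text)
    counts = defaultdict(int)
    for action, kind, _ in actions:
        counts[f"{action} {kind}"] += 1
    hijacked, toolbar_ids = flag_hijacked_prefs(prefs)
    return {"counts": dict(counts), "guids": pivot_on_guids(actions),
            "hijacked": hijacked, "toolbar_ids": toolbar_ids}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2, default=sorted))
```

Run it on a saved JRT.txt by passing the file contents to `triage()`. The GUID pivot is the useful part: if a later scan shows the same CLSID back under any one of those locations, the component was reinstalled rather than incompletely removed. One caveat visible in the posted log itself: its final section records that JRT cleared the Event Viewer logs, so if you need to establish when a bundle was installed, export the event logs before running a cleaner of this kind.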
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Just reboot and tell me how things are running. (In the future, please ATTACH your logs.)
     
  6. harvastmoon

    harvastmoon Private E-2

    I ran Defraggler, then rebooted and it seems a bit quicker but still not like before. What do you think?
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I strongly advise you to cleanup your Desktop. Remove everything but links to run programs. Do not download and save programs here and definitely do not use it for long term storage. You need to keep ComboFix.exe here for now as we need it, but we will be removing it when we are finished with your cleanup. A cluttered Desktop is malware's playground and it can also cause performance degradation especially when you start saving large files here like you are doing.

    You can also clean up all the files under:
    C:\Users\Andy Baker\AppData

    Your logs are clean.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
    2. Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista or Win 7, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. After doing the above, you should work through the below link
    Malware removal from a National Chain = $149
    Malware removal from MajorGeeks = $0
     
  8. harvastmoon

    harvastmoon Private E-2

    I will do all of these as soon as my son gets back from college with the laptop this Saturday!
    He left with it, without telling me, so I couldn't finish up all of your instructions:(!
    sheesh kids....:-o
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let me know if you have any problems.
     
