System restore keeps switching off

Slartybart · 04 Feb 2014

Ok, Mbam reported three Potentially Unwanted Programs (PUP). That's not bad, but you probably want to do a thorugh check. Hopefully Mbam took care of them, but others might be lurking.

These things usually come from SW installs where the author or site has bundled the SW with other things to promote their site or generate ad revenue. Most are legit and can be uninstalled through normal channels. Some cannot be uninstalled that way.

The best install advice is to click on custom (instead of auto or express) and pay attention to during and after the install. Remove any check marks from extraneous software offered by the install (sometimes tis isn't offered until you're about to hit finish - the extra software is ticked and you hit the finish button). Everybody does it, I miss it sometimes because the offer is small or situated in a "blind spot" on the window.

Anyway.....

Let's see what other scanners tell you.

AdwCleaner is a two step process. Scan then Clean

Step 1: Download and Scan

Click here to download AdwCleaner (author: Xplode)
>> save the application to your Desktop.

Double click on AdwCleaner.exe on your Desktop to run the scanner.
Right-click and select Run As Administrator.
AdwCleaner is a standalone executable, there is no install.
Click on the Scan button.
>> AdwCleaner begins scanning your system. It might take some time to complete, be patient
When the scan has finished, click on the Report button
>> the AdwCleaner log: AdwCleaner[R#].txt is opened in your default Text editor.
[R#] gets incremented every time you run AdwCleaner - the highest number is the most recent.
Look through the log for any recognizable entries - don't worry about other details in the log.
i.e. I use Textpad on my system and AdwCleaner flags it as a possilbe threat because I configured Textpad to replace Notepad. AdwCleaner says "Hey, that's not quite right - you should take a look a this - did you make this change"
Paste the entire AdwCleaner log in your next post.
AdwCleaner logs are located in the C:\AdwCleaner folder if you need to reference them again.

k0065126 · 05 Feb 2014

Thanks,

I ran MSE to do a full check with no problems showing and ran Mbam again doing a full check and this is the report :-

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.04.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Viv :: VIV-ASUSPC [administrator]

04/02/2014 22:47:18
mbam-log-2014-02-04 (22-47-18).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 638437
Time elapsed: 52 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> No action taken.
D:\Software Backup\BBC iPlayer programs\YouTube_mp3_converter\YTDSetup.exe (PUP.Optional.Spigot.A) -> No action taken.

(end)

Yes, I do try to be careful when installing software, especially 'free' programs, in case they try to sneak something I don't want on to my computer, but sometimes I forget. I will try to remember to use the custom install option in future.

I will do another post with the results from Adwcleaner.

Viv

k0065126 · 05 Feb 2014

I am not sure why you suggested running AdwCleaner twice, once by double click and the second time as administrator. In fact the same results are obtained by the two methods. I do not recognise most of the entries in the Files/Folders section, and there seem to be a lot in the Firefox section relating to funmoods which I probably could do without as I think that they were installed without my sanctioning them. It is impossible to decide on the registry entries as there are few clues as to what they do, so I should probably leave well alone.

Results from Adwcleaner :-
# AdwCleaner v3.018 - Report created 05/02/2014 at 08:25:37
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Viv - VIV-ASUSPC
# Running from : C:\Users\Viv\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
　
***** [ Files / Folders ] *****
File Found : C:\Users\Viv\AppData\Roaming\Mozilla\Firefox\Profiles\nbnr5uos.default\invalidprefs.js
File Found : C:\Users\Viv\AppData\Roaming\Mozilla\Firefox\Profiles\nbnr5uos.default\searchplugins\funmoods.xml
File Found : C:\Users\Viv\AppData\Roaming\Mozilla\Firefox\Profiles\nbnr5uos.default\user.js
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\myfree codec
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\Tarma Installer
Folder Found C:\Users\Viv\AppData\Local\Conduit
Folder Found C:\Users\Viv\AppData\Local\PackageAware
Folder Found C:\Users\Viv\AppData\Local\Zoom_Downloader
Folder Found C:\Users\Viv\AppData\LocalLow\Conduit
Folder Found C:\Users\Viv\AppData\LocalLow\PriceGong
Folder Found C:\Users\Viv\AppData\LocalLow\Toolbar4
Folder Found C:\Users\Viv\AppData\Roaming\Babylon
Folder Found C:\Users\Viv\AppData\Roaming\Common\LuaRT
Folder Found C:\Users\Viv\AppData\Roaming\DataMgr
Folder Found C:\Users\Viv\AppData\Roaming\fbDownloader
Folder Found C:\Users\Viv\AppData\Roaming\Intermediate
Folder Found C:\Users\Viv\AppData\Roaming\SCheck
Folder Found C:\Users\Viv\AppData\Roaming\SSync
***** [ Shortcuts ] *****
　
***** [ Registry ] *****
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\smartbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5812E8F-0E16-4C65-88F7-492D36174CB2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\PIP
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\PIP
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found : HKLM\SOFTWARE\Classes\TBSB03150.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\TBSB03150.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\TBSB03150.TBSB03150
Key Found : HKLM\SOFTWARE\Classes\TBSB03150.TBSB03150.3
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2704262
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2737658
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB03150
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB03150
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB03150.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB03150.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_unlocker_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_unlocker_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKLM\Software\PIP
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CA3EB689-8F09-4026-AA10-B9534C691CE0}]
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428
　
-\\ Mozilla Firefox v26.0 (en-GB)
[ File : C:\Users\Viv\AppData\Roaming\Mozilla\Firefox\Profiles\nbnr5uos.default\prefs.js ]
Line Found : user_pref("CT2704262_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1356525098993,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("CT2737658_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1356120159269,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("extensions.funmoods.aflt", "iron2");
Line Found : user_pref("extensions.funmoods.autoRvrt", false);
Line Found : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Line Found : user_pref("extensions.funmoods.cntry", "GB");
Line Found : user_pref("extensions.funmoods.cv", "cv5");
Line Found : user_pref("extensions.funmoods.dfltLng", "");
Line Found : user_pref("extensions.funmoods.dfltSrch", true);
Line Found : user_pref("extensions.funmoods.dfltlng", "en");
Line Found : user_pref("extensions.funmoods.dfltsrch", "false");
Line Found : user_pref("extensions.funmoods.dnsErr", true);
Line Found : user_pref("extensions.funmoods.envrmnt", "production");
Line Found : user_pref("extensions.funmoods.excTlbr", false);
Line Found : user_pref("extensions.funmoods.hdrMd5", "2AA82D3926F585311B57DD6203BCC425");
Line Found : user_pref("extensions.funmoods.hmpg", true);
Line Found : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1QzutAtDzzyD0Azyzz0E0ByEyEtBtD0B0C0EtN0D0Tzu0CtAyCtCtN1L2XzutBt FtBtFtCtFyEtDyB&cr=948980012");
Line Found : user_pref("extensions.funmoods.hrdid", "3085A98EB4420BCE");
Line Found : user_pref("extensions.funmoods.id", "3085A98EB4420BCE");
Line Found : user_pref("extensions.funmoods.instlDay", "15700");
Line Found : user_pref("extensions.funmoods.instlRef", "iron2");
Line Found : user_pref("extensions.funmoods.instlday", "15700");
Line Found : user_pref("extensions.funmoods.instlref", "iron2");
Line Found : user_pref("extensions.funmoods.isdcmntcmplt", true);
Line Found : user_pref("extensions.funmoods.keywordurl", "");
Line Found : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2212:17:32");
Line Found : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Line Found : user_pref("extensions.funmoods.newTab", true);
Line Found : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1QzutAtDzzyD0Azyzz0E0ByEyEtBtD0B0C0EtN0D0Tzu0CtAyCtCtN1L2XzutBt FtBtFtCtFyEtDyB&cr=948980012")[...]
Line Found : user_pref("extensions.funmoods.newtab", true);
Line Found : user_pref("extensions.funmoods.newtaburl", "hxxp://searchfunmoods.com/?f=2&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1QzutAtDzzyD0Azyzz0E0ByEyEtBtD0B0C0EtN0D0Tzu0CtAyCtCtN1L2XzutBt FtBtFtCtFyEtDyB&cr=948980012")[...]
Line Found : user_pref("extensions.funmoods.prdct", "funmoods");
Line Found : user_pref("extensions.funmoods.prtnrId", "funmoods");
Line Found : user_pref("extensions.funmoods.prtnrid", "funmoods");
Line Found : user_pref("extensions.funmoods.savedVrsnTs", "1");
Line Found : user_pref("extensions.funmoods.sg", "none");
Line Found : user_pref("extensions.funmoods.smplGrp", "none");
Line Found : user_pref("extensions.funmoods.smplgrp", "none");
Line Found : user_pref("extensions.funmoods.srch", "");
Line Found : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
Line Found : user_pref("extensions.funmoods.srchprvdr", "Funmoods");
Line Found : user_pref("extensions.funmoods.tlbrId", "base");
Line Found : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1QzutAtDzzyD0Azyzz0E0ByEyEtBtD0B0C0EtN0D0Tzu0CtAyCtCtN1L2XzutBt FtBtFtCtFyEtDyB&cr=948980012[...]
Line Found : user_pref("extensions.funmoods.tlbrid", "base");
Line Found : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://searchfunmoods.com/?f=3&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1QzutAtDzzyD0Azyzz0E0ByEyEtBtD0B0C0EtN0D0Tzu0CtAyCtCtN1L2XzutBt FtBtFtCtFyEtDyB&cr=948980012[...]
Line Found : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Line Found : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2212:17:32");
Line Found : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Line Found : user_pref("extensions.funmoods.vrsnts", "1.5.23.2212:17:32");
Line Found : user_pref("extensions.funmoods_i.newTab", true);
Line Found : user_pref("extensions.funmoods_i.smplGrp", "none");
Line Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2212:17:32");
-\\ Google Chrome v32.0.1700.107
[ File : C:\Users\Viv\AppData\Local\Google\Chrome\User Data\Default\preferences ]
　
*************************
AdwCleaner[R0].txt - [18252 octets] - [05/02/2014 08:21:16]
AdwCleaner[R1].txt - [17991 octets] - [05/02/2014 08:25:37]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [18052 octets] ##########

Viv

Slartybart · 09 Feb 2014

k0065126 said:

I am not sure why you suggested running AdwCleaner twice, once by double click and the second time as administrator.
Viv

Sorry viv,

The dbl click was a carry over text editing error - run as should have been the only one.

Let me look through the log and see what I can see.

There will be a 2nd AdwCleaner run - but that one is intentional - it is the clean cycle.

I'll post instructions after reading the first log(s)

Bill
.

Slartybart · 09 Feb 2014

All right, it's a bit messy and will probably require more utilities to really cleanse your system, but let's let AdwCleaner do it's clean step.

AdwCleaner Step 2: Scan and Clean

Right-click AdwCleaner.exe whre you originally saved it and select Run As Administrator.
Click on the Scan button.
>> AdwCleaner begins scanning your system. It might take some time to complete.
After the scan has finished... click on the Clean button.
- Answer OK to the "close all programs" prompt, then follow the onscreen prompts.
- Answer OK to the "restart the computer" prompt to complete the removal process.
  >> The AdwCleaner[S#].txt log is opened in your default Text editor when the machine has restarted.
  [R#] gets incremented every time you run AdwCleaner - the highest number is the most recent.
Paste the entire AdwCleaner log in your next post.
AdwCleaner logs are located in the C:\AdwCleaner folder if you need to reference them again

Slartybart · 09 Feb 2014

When you get the chance, please follow this tutorial to provide the current operating environment of your machine:
Speccy - Publish Snapshot of your System Specs

There are some files in the AdwCleaner log that make me think your machine needs a good look at what is installed in Pgms & Feats - not malware related, but perhaps unecessary utilties.

I'll know more when I see the Speccy report.

How is the system behaving with regards to System Protection / Restore Points?

Thanks,

Bill
.