Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91819 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Explorer.exe crashes constantly. Is it malware related? [Solved]


  • This topic is locked This topic is locked
68 replies to this topic

#16 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 25 March 2014 - 09:12 AM

Hi leader2,
 

Thanks for your help. The log finally opened, but as I thought it was so large that it couldn't be pasted here. I believe that's why it was a cabinet file and not a regular text file like the other logs I've posted. It's 10.6 mb, which makes me think something must have really went wrong in the system with the corruption. The attachments only allow files that are 2mb in size. Do you still want me to try to upload the log via another file host for you?

 
I thought we might run into that problem using the most recent code. The original code would have filtered the specific lines of the log file that would indicate the corrupt files.
 
At this point we have three (3) options to try:
  • Re-run the sfc /scannow command followed immediately (do not close the cmd window) by this command findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt
  • Zip (compress) the file and see if it's small enough to attach to your reply.
  • Find a file hosting site that would allow you to upload the entire 10.6 mb file as is.

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.

    Advertisements

Register to Remove


#17 leader2

leader2

    Authentic Member

  • Authentic Member
  • PipPip
  • 248 posts

Posted 25 March 2014 - 10:37 AM

I appreciate the recommendation to zip the file. That compressed it enough to attach it even though the when I re scanned nothing appeared as a scan log. However I'm very concerned about my computer though. Is this a usual issue to have with this explorer and blue screen problem like this where the files get corrupted like this? The computer is now kind of having the explorer issue even more and beginning to slow down a bit more and freeze a bit. It's only a 14 months old so if you could tell me if you think this is normal or not I would appreciate that as well. 

Attached Files

  • Attached File  CBS.zip   326.39KB   92 downloads


#18 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 25 March 2014 - 12:38 PM

Hi leader2,
 

However I'm very concerned about my computer though. Is this a usual issue to have with this explorer and blue screen problem like this where the files get corrupted like this? The computer is now kind of having the explorer issue even more and beginning to slow down a bit more and freeze a bit. It's only a 14 months old so if you could tell me if you think this is normal or not I would appreciate that as well.


It's a bit difficult for me to say if this is a normal issue. But files do become corrupt from time to time, so it is certainly possible. If will take some time to sift through the CBS file, so bare with me. I generally work with malware issues and this may turn out to not be the case here, but let's continue on.

Go here, and scroll down to OPTION ONE:


Follow the steps of the tutorial, you will be using this command in the command prompt window. Just copy and paste it into the window.
Dism /Online /Cleanup-Image /RestoreHealth

Reboot after it has completed.

Then re-run the sfc\ scannow step again from the command prompt.
Take a screen shot of the command window when it is finished and post in your next reply.


 


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#19 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 28 March 2014 - 08:33 AM

Hi leader2,

Just checking in to see if you still need help?


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#20 leader2

leader2

    Authentic Member

  • Authentic Member
  • PipPip
  • 248 posts

Posted 28 March 2014 - 05:46 PM

Hi leader2,

Just checking in to see if you still need help?

 

Yes I still do OCD. I apologize that I haven't replied yet. I haven't been able to get online in a few days. I am going to follow your steps for the fix and post results tomorrow. Sorry for any confusion. 



#21 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 28 March 2014 - 07:25 PM

Thanks for the update. :thumbup:


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#22 leader2

leader2

    Authentic Member

  • Authentic Member
  • PipPip
  • 248 posts

Posted 29 March 2014 - 10:18 PM

Hi OCD. Sorry it took me so long to post here and thanks for your patience. Sometimes I'm not able to get online. You have been very helpful. I understand the CBS file was very large and took some time to go thru so I understand your need for me to bear with you. Thanks for bearing with me as well thru this process.  :thumbup:

 

Here is my screenshot from after the sfc scan. I think your Dism fix must have worked because after I ran it and reran the sfc this came up. 

 

g7s5.png



#23 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 30 March 2014 - 12:22 AM

Hi leader2,

bullseye_zpse9eaf36e.gif Re-run OTL, but this time place a check mark in the box that reads Scan All Users.

OTLGUIallusers_zps57e4ec2f.gif

=========================

bullseye_zpse9eaf36e.gif Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (save it to your desktop).
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================


bullseye_zpse9eaf36e.gif ESET Online Scanner

*Note:
  • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.
** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.
=========================

In your next post please provide the following:
  • OTL.txt
  • MBAM log
  • ESET's log.txt
  • How's the computer running, any symptoms?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#24 leader2

leader2

    Authentic Member

  • Authentic Member
  • PipPip
  • 248 posts

Posted 30 March 2014 - 05:47 PM

In your next post please provide the following:
OTL.txt
MBAM log
ESET's log.txt
How's the computer running, any symptoms?
 
OTL.txt
 
When I tried to post the forum thread said my post was too long so I attached my OTL.txt
 
MBAM log
 
I also attached my MBAM log
 
 
ESET's log.txt
 
C:\Program Files (x86)\NCH Software\Debut\debut.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Program Files (x86)\NCH Software\Debut\debutsetup_v1.82.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Program Files (x86)\NCH Software\GoldenVideos\goldenvideos.exe probably a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Program Files (x86)\NCH Software\GoldenVideos\goldenvideossetup_v3.01.exe probably a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Program Files (x86)\NCH Software\Switch\switch.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Program Files (x86)\NCH Software\Switch\switchsetup_v4.43.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Program Files (x86)\NCH Swift Sound\Slice\slice.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application
C:\Program Files (x86)\NCH Swift Sound\Slice\slicesetup_v2.00.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application
C:\Program Files (x86)\NCH Swift Sound\Slice\uninst.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application
C:\Users\A Lamar\AppData\Local\Torch\Helper.dll a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application
C:\Users\White\AppData\Roaming\Search Protection\Uninstall.exe probably a variant of Win32/Toolbar.Widgi potentially unwanted application
C:\Users\White\Downloads\defragsetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
K:\1\EXMINISTRIES\EX MINISTRIES VIDEOS\cbsidlm-tr1_14-Free_SWF_to_AVI_Converter-SEO-75687385.exe Win32/DownloadAdmin.G potentially unwanted application
K:\1\TV SHOWS\FAMILY MATTERS\SEASON 7\deluge+bittorrent+client_1.0.exe a variant of Win32/DownloadGuide.A potentially unwanted application
K:\1\UNDERSTANDINGTV.COM\SPIRITUAL DEVELOPMENT\Possessing Power to Have Victory Over Your Thoughts\Download\gvsetup.exe probably a variant of Win32/Toolbar.Conduit.H potentially unwanted application
K:\D\D&S\AdmIN\Desktop\SOFTWARE\zlsSetup_70_483_000_en.exe a variant of Win32/AdInstaller potentially unwanted application
K:\My Kindle Content\D\D&S\AdmIN\Desktop\SOFTWARE\zlsSetup_70_483_000_en.exe a variant of Win32/AdInstaller potentially unwanted application
K:\SOFTWARE\AUDIO & VIDEO\AUDIO\audiograbbersetup183se.exe a variant of Win32/Toolbar.Funmoods.D potentially unwanted application
K:\SOFTWARE\AUDIO & VIDEO\AUDIO\DVD KNIFE .exe Win32/Adware.RK.AP application
K:\SOFTWARE\AUDIO & VIDEO\AUDIO\slicesetup.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application
K:\SOFTWARE\AUDIO & VIDEO\AUDIO\switch setup (SWITCH AUDIO CONVERTER).exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
K:\SOFTWARE\AUDIO & VIDEO\DVD AUTHORING\dvd styler.exe Win32/Somoto.E potentially unwanted application
K:\SOFTWARE\AUDIO & VIDEO\SCREEN RECORDER CAPTURE\cbsidlm-tr1_14-Webcam_Screen_Video_Capture_Free-ORG-75940100.exe Win32/DownloadAdmin.G potentially unwanted application
K:\SOFTWARE\AUDIO & VIDEO\SCREEN RECORDER CAPTURE\debut 1.60.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application
K:\SOFTWARE\AUDIO & VIDEO\SCREEN RECORDER CAPTURE\Debut Video Capture Software.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
K:\SOFTWARE\AUDIO & VIDEO\SCREEN RECORDER CAPTURE\debutsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
K:\SOFTWARE\AUDIO & VIDEO\SCREEN RECORDER CAPTURE\KOYOTESOFT SCREEN RECORDER Free Screen to Video.exe Win32/Toolbar.SearchSuite potentially unwanted application
K:\SOFTWARE\AUDIO & VIDEO\VIDEO CONVERTERS\FORMAT FACTORY Setup3.1.1.0.exe a variant of Win32/Hao123.A potentially unwanted application
K:\SOFTWARE\AUDIO & VIDEO\VIDEO CONVERTERS\KOYOTESOFT ISO OPEN.exe Win32/Toolbar.SearchSuite potentially unwanted application
K:\SOFTWARE\COMP\IObit Unlocker 1.1 (DELETE FILES YOU CAN'T BECAUSE OF ADMIN).exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
K:\SOFTWARE\COMP\MAINTENANCE\aulogics disk-defrag-setup.exe Win32/InstallMonetizer.AQ potentially unwanted application
K:\SOFTWARE\COMP\MISC\cbsidlm-tr1_13-JetClean-ORG-75627788.exe Win32/DownloadAdmin.G potentially unwanted application
K:\SOFTWARE\COMP\MISC\PDFCreator-1_7_2_setup.exe Win32/InstallMonetizer.AQ potentially unwanted application
K:\SOFTWARE\OFFICE AND NEWS\PDFCreator 1.7.2.exe Win32/InstallMonetizer.AQ potentially unwanted application
K:\SOFTWARE\SECURITY\FIREWALLS\ZoneAlarm Free 12.0.121.000.exe Win32/Toolbar.Conduit potentially unwanted application
K:\SOFTWARE\SYSTEM TUNING\Cleaning and Tweaking\Unlocker1.9.2.exe a variant of Win32/Toolbar.Babylon.E potentially unwanted application
K:\SOFTWARE\SYSTEM TUNING\Defragmentation\Auslogics Disk Defrag 4.4.2.0.exe Win32/InstallMonetizer.AQ potentially unwanted application
O:\1\EXMINISTRIES\EX MINISTRIES VIDEOS\cbsidlm-tr1_14-Free_SWF_to_AVI_Converter-SEO-75687385.exe Win32/DownloadAdmin.G potentially unwanted application
O:\1\TV SHOWS\FAMILY MATTERS\SEASON 7\deluge+bittorrent+client_1.0.exe a variant of Win32/DownloadGuide.A potentially unwanted application
O:\1\UNDERSTANDINGTV.COM\SPIRITUAL DEVELOPMENT\Possessing Power to Have Victory Over Your Thoughts\Download\gvsetup.exe probably a variant of Win32/Toolbar.Conduit.H potentially unwanted application
O:\D\D&S\AdmIN\Desktop\SOFTWARE\zlsSetup_70_483_000_en.exe a variant of Win32/AdInstaller potentially unwanted application
O:\My Kindle Content\D\D&S\AdmIN\Desktop\SOFTWARE\zlsSetup_70_483_000_en.exe a variant of Win32/AdInstaller potentially unwanted application
O:\SOFTWARE\AUDIO & VIDEO\AUDIO\audiograbbersetup183se.exe a variant of Win32/Toolbar.Funmoods.D potentially unwanted application
O:\SOFTWARE\AUDIO & VIDEO\AUDIO\DVD KNIFE .exe Win32/Adware.RK.AP application
O:\SOFTWARE\AUDIO & VIDEO\AUDIO\slicesetup.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application
O:\SOFTWARE\AUDIO & VIDEO\AUDIO\switch setup (SWITCH AUDIO CONVERTER).exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
O:\SOFTWARE\AUDIO & VIDEO\DVD AUTHORING\dvd styler.exe Win32/Somoto.E potentially unwanted application
O:\SOFTWARE\AUDIO & VIDEO\SCREEN RECORDER CAPTURE\cbsidlm-tr1_14-Webcam_Screen_Video_Capture_Free-ORG-75940100.exe Win32/DownloadAdmin.G potentially unwanted application
O:\SOFTWARE\AUDIO & VIDEO\SCREEN RECORDER CAPTURE\debut 1.60.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application
O:\SOFTWARE\AUDIO & VIDEO\SCREEN RECORDER CAPTURE\Debut Video Capture Software.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
O:\SOFTWARE\AUDIO & VIDEO\SCREEN RECORDER CAPTURE\debutsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
O:\SOFTWARE\AUDIO & VIDEO\SCREEN RECORDER CAPTURE\KOYOTESOFT SCREEN RECORDER Free Screen to Video.exe Win32/Toolbar.SearchSuite potentially unwanted application
O:\SOFTWARE\AUDIO & VIDEO\VIDEO CONVERTERS\FORMAT FACTORY Setup3.1.1.0.exe a variant of Win32/Hao123.A potentially unwanted application
O:\SOFTWARE\AUDIO & VIDEO\VIDEO CONVERTERS\KOYOTESOFT ISO OPEN.exe Win32/Toolbar.SearchSuite potentially unwanted application
O:\SOFTWARE\COMP\IObit Unlocker 1.1 (DELETE FILES YOU CAN'T BECAUSE OF ADMIN).exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
O:\SOFTWARE\COMP\MAINTENANCE\aulogics disk-defrag-setup.exe Win32/InstallMonetizer.AQ potentially unwanted application
O:\SOFTWARE\COMP\MISC\cbsidlm-tr1_13-JetClean-ORG-75627788.exe Win32/DownloadAdmin.G potentially unwanted application
O:\SOFTWARE\COMP\MISC\PDFCreator-1_7_2_setup.exe Win32/InstallMonetizer.AQ potentially unwanted application
O:\SOFTWARE\OFFICE AND NEWS\PDFCreator 1.7.2.exe Win32/InstallMonetizer.AQ potentially unwanted application
O:\SOFTWARE\SECURITY\FIREWALLS\ZoneAlarm Free 12.0.121.000.exe Win32/Toolbar.Conduit potentially unwanted application
O:\SOFTWARE\SYSTEM TUNING\Cleaning and Tweaking\Unlocker1.9.2.exe a variant of Win32/Toolbar.Babylon.E potentially unwanted application
O:\SOFTWARE\SYSTEM TUNING\Defragmentation\Auslogics Disk Defrag 4.4.2.0.exe Win32/InstallMonetizer.AQ potentially unwanted application
 
 
How's the computer running, any symptoms?
 
The explorer isn't crashing as much, which is good, but when I rebooted the computer it did show the explorer error I told you about. It is running to me a bit slower than I think it should be considering my specs which while I'm not an expert, I would think would provide a much better experience than I'm currently having (I have 8gb ram, an I5 processor 3ghz with a 2 tb drive on a 64 bit machine). My sync manager has been crashing a lot lately (as other programs starting up I think a bit slower than they should) and before it never did this. 
 

 

Attached Files



#25 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 30 March 2014 - 09:53 PM

Hi leader2,

Your primary hard drive (C:) is being stretched a bit thin. As you can see by the line below from your OTL you have minimal amount of free space on your primary hard drive.
Drive C: | 1850.39 Gb Total Space | 192.85 Gb Free Space | 10.42% Space Free | Partition Type: NTFS

Since the C drive is where your operating system resides it is vital to not over tax that drive. To ensure a smooth running system it is recommended that you have at minimum 20% free space. You appear to have ample other storage options available. You should try and remove/move some programs from the C drive and get the free space down to at least 20%, more if possible. This will help in the performance issues you are experiencing.

=========================

bullseye_zpse9eaf36e.gif P2P - (Peer to Peer)

I see you have/had P2P software Vuze installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall this now.

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

  • Vuze
  • Azureus

If you choose to not remove this programs please refrain from using it until we have finished cleaning your computer.

=========================

bullseye_zpse9eaf36e.gif Please download AdwCleaner by Xplode and save to your Desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a log file (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of all log files are saved in the C:\AdwCleaner folder which was created when running the tool.

=========================

What option did you choose after the Malwarebytes' scan? Clean?

=========================

In your next post please provide the following:

  • AdwCleaner[R0].txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.

    Advertisements

Register to Remove


#26 leader2

leader2

    Authentic Member

  • Authentic Member
  • PipPip
  • 248 posts

Posted 31 March 2014 - 12:31 PM

Hi OCD

 

That information about my C drive showed before I cleaned it or while I was doing so. It's now got 850 GB free of the 1.80 tb total. 

 

Vuze has been removed.

 

I think AdwCleaner mentioned Torch or Torch handler and I would like to keep this please. Here is the log.

 

# AdwCleaner v3.022 - Report created 31/03/2014 at 13:33:13
# Updated 13/03/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : A Lamar - HP
# Running from : C:\Users\A Lamar\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : torchcrashhandler
 
***** [ Files / Folders ] *****
 
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
Folder Found : C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\Extensions\{77E8143B-6759-416E-B521-82CFED75150B}
Folder Found : C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\Extensions\{77e8143b-6759-416e-b521-82cfed75150b}
Folder Found C:\Program Files (x86)\orbitdownloader
Folder Found C:\ProgramData\torchcrashhandler
Folder Found C:\Users\A Lamar\AppData\Local\torch
Folder Found C:\Users\A Lamar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
Folder Found C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\CT3288691
Folder Found C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\FCTB
Folder Found C:\Users\White\AppData\Local\PackageAware
Folder Found C:\Users\White\AppData\Roaming\Search Protection
Folder Found C:\WINDOWS\SysWOW64\AI_RecycleBin
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Key Found : HKCU\Software\Orbit
Key Found : HKCU\Software\torch
Key Found : [x64] HKCU\Software\Orbit
Key Found : [x64] HKCU\Software\torch
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1
Key Found : HKLM\Software\Orbit
Key Found : HKLM\Software\torch
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Orbitdownloader\orbitdm.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Orbitdownloader\orbitnet.exe]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Mozilla Firefox v29.0 (en-US)
 
[ File : C:\Users\White\AppData\Roaming\Mozilla\Firefox\Profiles\pk216cnh.default\prefs.js ]
 
 
[ File : C:\Users\A Lamar\AppData\Roaming\Mozilla\Firefox\Profiles\cfr080di.default\prefs.js ]
 
Line Found : user_pref("CT3288691.CONDUIT_UPDATE_lastTimeUpdateChecked.enc", -169189736);
Line Found : user_pref("CT3288691.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3288691.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3288691.FF19Solved", "true");
Line Found : user_pref("CT3288691.FirstTime", "true");
Line Found : user_pref("CT3288691.FirstTimeFF3", "true");
Line Found : user_pref("CT3288691.UserID", "UN64921707619691172");
Line Found : user_pref("CT3288691.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT3288691.addressUrlXPETakeover", "true");
Line Found : user_pref("CT3288691.autoDisableScopes", -1);
Line Found : user_pref("CT3288691.countryCode", "US");
Line Found : user_pref("CT3288691.defaultSearch", "false");
Line Found : user_pref("CT3288691.enableAlerts", "true");
Line Found : user_pref("CT3288691.enableFix404ByUser", "TRUE");
Line Found : user_pref("CT3288691.enableSearchFromAddressBar", "true");
Line Found : user_pref("CT3288691.firstTimeDialogOpened", "true");
Line Found : user_pref("CT3288691.fixPageNotFoundError", "true");
Line Found : user_pref("CT3288691.fixPageNotFoundErrorByUser", "true");
Line Found : user_pref("CT3288691.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT3288691.fixUrls", true);
Line Found : user_pref("CT3288691.fullUserID", "UN64921707619691172.IN.20130711034329");
Line Found : user_pref("CT3288691.installDate", "11/07/2013 03:43:29");
Line Found : user_pref("CT3288691.installId", "stub.exe");
Line Found : user_pref("CT3288691.installSessionId", "{F36FD439-914E-4E45-988F-12039F5E31A7}");
Line Found : user_pref("CT3288691.installSp", "true");
Line Found : user_pref("CT3288691.installType", "conduitnsisintegration");
Line Found : user_pref("CT3288691.installUsage", "2013-07-11T21:05:56.1898269+03:00");
Line Found : user_pref("CT3288691.installUsageEarly", "2013-07-11T21:05:54.7546177+03:00");
Line Found : user_pref("CT3288691.installerVersion", "1.5.4.4");
Line Found : user_pref("CT3288691.isCheckedStartAsHidden", true);
Line Found : user_pref("CT3288691.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3288691.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT3288691.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3288691.keyword", "true");
Line Found : user_pref("CT3288691.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3288691&octid=CT3288691&SearchSource=15&CUI=UN64921707619691172&SSPV=&Lay=1&UM=2\"}");
Line Found : user_pref("CT3288691.lastVersion", "10.16.4.519");
Line Found : user_pref("CT3288691.mam_gk_installer_preapproved.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3288691.migrateAppsAndComponents", true);
Line Found : user_pref("CT3288691.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://DivXBrowserBar.OurToolbar.com/\",\"EB_[...]
Line Found : user_pref("CT3288691.openThankYouPage", "false");
Line Found : user_pref("CT3288691.openUninstallPage", "true");
Line Found : user_pref("CT3288691.originalSearchAddressUrl", "");
Line Found : user_pref("CT3288691.revertSettingsEnabled", "false");
Line Found : user_pref("CT3288691.search.searchAppId", "10000002");
Line Found : user_pref("CT3288691.search.searchCount", "0");
Line Found : user_pref("CT3288691.searchInNewTabEnabledByUser", "false");
Line Found : user_pref("CT3288691.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT3288691.searchRevert", "false");
Line Found : user_pref("CT3288691.searchSuggestEnabledByUser", "true");
Line Found : user_pref("CT3288691.searchUserMode", "2");
Line Found : user_pref("CT3288691.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3288691.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3288691.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Found : user_pref("CT3288691.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3288691\"}");
Line Found : user_pref("CT3288691.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://DivXBrowserBar.OurToolbar.com//xpi\"}");
Line Found : user_pref("CT3288691.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"DivX Browser Bar\"}");
Line Found : user_pref("CT3288691.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3288691.serviceLayer_services_Configuration_lastUpdate", "1374220455785");
Line Found : user_pref("CT3288691.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1373565958844");
Line Found : user_pref("CT3288691.serviceLayer_services_appsMetadata_lastUpdate", "1374221571586");
Line Found : user_pref("CT3288691.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1373565958605");
Line Found : user_pref("CT3288691.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1373565957324");
Line Found : user_pref("CT3288691.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1373565959232");
Line Found : user_pref("CT3288691.serviceLayer_services_login_10.16.4.19_lastUpdate", "1373777903092");
Line Found : user_pref("CT3288691.serviceLayer_services_login_10.16.4.519_lastUpdate", "1374220455924");
Line Found : user_pref("CT3288691.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1373565958658");
Line Found : user_pref("CT3288691.serviceLayer_services_searchAPI_lastUpdate", "1374220455821");
Line Found : user_pref("CT3288691.serviceLayer_services_serviceMap_lastUpdate", "1374220455590");
Line Found : user_pref("CT3288691.serviceLayer_services_toolbarContextMenu_lastUpdate", "1373565958555");
Line Found : user_pref("CT3288691.serviceLayer_services_toolbarSettings_lastUpdate", "1374221571516");
Line Found : user_pref("CT3288691.settingsINI", true);
Line Found : user_pref("CT3288691.shouldFirstTimeDialog", "false");
Line Found : user_pref("CT3288691.showToolbarPermission", "false");
Line Found : user_pref("CT3288691.smartbar.CTID", "CT3288691");
Line Found : user_pref("CT3288691.smartbar.Uninstall", "0");
Line Found : user_pref("CT3288691.smartbar.toolbarName", "DivX Browser Bar ");
Line Found : user_pref("CT3288691.startPage", "false");
Line Found : user_pref("CT3288691.toolbarBornServerTime", "11-7-2013");
Line Found : user_pref("CT3288691.toolbarCurrentServerTime", "19-7-2013");
Line Found : user_pref("CT3288691.toolbarLoginClientTime", "Thu Jul 11 2013 14:05:58 GMT-0400 (Eastern Standard Time)");
Line Found : user_pref("CT3288691.versionFromInstaller", "10.16.4.19");
Line Found : user_pref("CT3288691.xpeMode", "3");
Line Found : user_pref("CT3288691_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1374221561358,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Found : user_pref("extensions.51de60d93af7d.scode", "if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/15[...]
Line Found : user_pref("extensions.freecorder@freecorder.com.menuitems", "[{\"name\":\"Freecorder Menu Header\",\"img\":\"hxxp://freecorder.com/fc8/ui/buttons/menu_header.png\",\"width\":225,\"height\":65},{\"name[...]
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.21.KeywordHistory", "gpt%7Ccash%2520videos%7Cfirefox%2520add%2520on%7Ccash%2520crate%2520inboxdollars%7Cpaid%2520viewpoint%7Csuper%2520nintendo%7Cc[...]
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.AutoSearchEventData", "auto%20search");
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.ClearCacheDate", 17);
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.DNSCatch", true);
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.DisplayEULA", true);
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.DnsCatchEventData", "dns%20catch");
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.EBOMode", false);
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.EnableDCAData_xx", true);
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.EnableDCA_xx", false);
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.FirstLaunchShown", true);
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.InstallDomain", "inboxdollars.com");
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.InstallType", "one_click");
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.LoadLayoutDate.62133", 17);
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.NewTabSearchEventData", "tab%20search");
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.ShowRecommendedOptions", true);
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.StateReportDate", "1376741555826");
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.TopRightSearchEventData", "top%20right%20search");
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.beforeInstallSaved", true);
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.beforeinstall.homepage", "chrome%3A//branding/locale/browserconfig.properties");
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.beforeinstall.search", "Google");
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.comp.search.21.engine_img", "aHR0cDovL3MzaW1hZ2VzLmZyZWVjYXVzZS5jb20uczMuYW1hem9uYXdzLmNvbS9jb3R0ZXJ3ZWIvMTZ4MTZiaWxseS5wbmc%3D");
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.comp.search.21.engine_url", "aHR0cDovL3d3dy5pbmJveGRvbGxhcnMuY29tL3NlYXJjaC9yZXN1bHRzP3E9");
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.comp.search.21.text", "Search%20and%20Earn%20Cash%21");
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.comp.search.21.width", "249");
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.customNewTab", false);
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.dcaDefaultMode", false);
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.dcaShowInstallerPage", false);
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.dcaShowSurvey", true);
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.helpUsImprove", true);
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.hidden.login", true);
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.hidden.promo", true);
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.hidden.signup", true);
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.hideOthers", true);
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.partnerauth", false);
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.processAddrBar", false);
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.remove_homepage", true);
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.remove_search", true);
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.restoreSearch", false);
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.searchHistory", true);
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.session", "F9AAE33F6220838039AAE3D70465DB07DF2D675940A46C7E1CCD59C9695E3F3D6F4BA704C0C75FD00C22EAEAB0A93F2516B3ADD6EC5B5FC6DF141171AA2A6976FCF80CDB[...]
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.showFirstLaunchOptions", false);
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.tb_lang", "en");
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.tool_id", "62133");
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.user_id", "127253861");
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.user_key", "a587ff34ef0f46239a7d064b5c0f0f9128624215");
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.user_layouts", "62133");
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.user_lnames", "InboxDollars");
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.xml_service_url", "6bb94bbf55fe2f255901a560824a6ebe");
Line Found : user_pref("freecauseceff3aa1bfdcf434c52d922216a9cdf5.yahooSearch", false);
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.46.KeywordHistory", "who%2527s%2520who%2520in%2520basketball%2520presents%2520pro%2520basketball%2520preview%7Cwho%2527s%2520who%2520in%2520basketb[...]
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.AutoSearchEventData", "auto%20search");
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.ClearCacheDate", 17);
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.DNSCatch", true);
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.DisplayEULA", true);
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.DnsCatchEventData", "dns%20catch");
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.EBOMode", false);
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.EnableDCAData_xx", true);
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.EnableDCA_xx", false);
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.FirstLaunchShown", true);
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.InstallDomain", "fusioncash.net");
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.InstallType", "one_click");
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.LoadLayoutDate.100611", 17);
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.NewTabSearchEventData", "tab%20search");
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.ShowRecommendedOptions", true);
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.StateReportDate", "1376741555831");
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.TopRightSearchEventData", "top%20right%20search");
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.beforeInstallSaved", true);
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.beforeinstall.homepage", "chrome%3A//branding/locale/browserconfig.properties");
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.beforeinstall.search", "Google");
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.comp.affiliate.118.disabled", false);
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.customNewTab", false);
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.dcaDefaultMode", false);
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.dcaShowInstallerPage", false);
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.dcaShowSurvey", true);
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.helpUsImprove", true);
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.hideOthers", true);
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.partnerauth", false);
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.processAddrBar", false);
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.restoreSearch", false);
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.runcmd.", "1376542133");
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.searchHistory", true);
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.session", "0D03C13130C40D2C8164B4456188C2C3460974130F89E8C2BC592ABA8114D434F8736CBBDB0F19664D20C39742E8C4F008F519F63FAA236022E7E1D7DDD95FD842ED0AA8[...]
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.showFirstLaunchOptions", false);
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.tb_lang", "en");
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.tool_id", "100611");
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.user_id", "127253769");
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.user_key", "62eaf4169fbb6951370761550e6402bd3d881aa8");
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.user_layouts", "100611");
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.user_lnames", "FusionCash%20Toolbar");
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.xml_service_url", "6bb94bbf55fe2f255901a560824a6ebe");
Line Found : user_pref("freecauseef914f7f701eb87485f89a53e30326d5.yahooSearch", false);
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3288691");
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3288691&SearchSource=2&CUI=UN64921707619691172&UM=2&q=");
Line Found : user_pref("smartbar.machineId", "A1Q/HKFJCNBREH50L3SGCEC9JQN+BTA9PMMVRD4XXGUC5J4K0XTQRPW+DRC+YTJTKCS27XJBAFXUOXL3PUD3DA");
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\White\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\A Lamar\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Eurceliakins\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [22366 octets] - [31/03/2014 00:24:33]
AdwCleaner[R1].txt - [22269 octets] - [31/03/2014 13:33:13]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [22330 octets] ##########
 
 
On Malwarebytes... I think I tried to clean the entries and it would only allow me to quarantine them. I apologize that I can't quite remember after the scan completed what exactly happened, but I don't think they were completely cleaned off.


#27 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 31 March 2014 - 01:01 PM

Hi leader2,
 

On Malwarebytes... I think I tried to clean the entries and it would only allow me to quarantine them. I apologize that I can't quite remember after the scan completed what exactly happened, but I don't think they were completely cleaned off.

Quarantine is good, thank you. :thumbup:

=========================
 

I think AdwCleaner mentioned Torch or Torch handler and I would like to keep this please


bullseye_zpse9eaf36e.gif Re- run AdwCleaner

It should be on your desktop

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click each tab and remove the check mark from the items you wish to keep.
  • Then click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

bullseye_zpse9eaf36e.gif Download Farbar Recovery Scan Tool and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply

=========================

Access System Restore and see what Restore Points are available. Do not restore at this time. I would just like the information that's available.

=========================

In your next post please provide the following:

  • AdwCleaner[S0].txt
  • FRST.txt
  • Additon.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#28 leader2

leader2

    Authentic Member

  • Authentic Member
  • PipPip
  • 248 posts

Posted 31 March 2014 - 04:24 PM

Hi OCD

 

Thanks for letting me know the quarantine went ok. :) I hadn't seen the new Malwarebytes before and was a bit confused since I was used to the old interface.

 

Before we proceed further I had a question.

 

I cleaned with Adwcleaner and unchecked the option about torch handler before I cleaned. This was the only thing that showed up and was checked on the first tab, but I forgot to check the other tabs by mistake. When I rebooted the computer my Torch browser was uninstalled and my settings were gone when I reinstalled. Is there a way I can undo the Adwcleaner to get my torch browser back and then redo the clean properly?



#29 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 31 March 2014 - 05:16 PM

Hi leader2,

Go here and review how to restore from the Quarantine folder. If items are present.
http://general-chang...3-x#quarantaine

  • Open AdwCleaner > Tools > Quarantine Manager
  • Locate items you wish to have restored and place a check mark in the respective boxes.
  • Next click the Restore button.
  • A report of the restored items should appear.

bullseye_zpse9eaf36e.gif Reboot

=========================
 
Check results. If unsuccessful, you may be able to use System Restore and roll back to a previous date or just reinstall Torch. But I doubt a reinstall would restore your settings.

=========================

In your next post please provide the following:

  • Results from the above step.
  • AdwCleaner[S0].txt from this previous run of AdwCleaner
  • FRST.txt
  • Addition.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#30 leader2

leader2

    Authentic Member

  • Authentic Member
  • PipPip
  • 248 posts

Posted 02 April 2014 - 08:06 AM

In your next post please provide the following:

  • Results from the above step.
  • AdwCleaner[S0].txt from this previous run of AdwCleaner
  • FRST.txt
  • Addition.txt

When I tried to post all these logs my browser kept crashing so I attached them for you. I think they were too large to post here.

Attached Files


Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users