track.effiliation Solved

Question

Hello,I am registered on Igraal. However, for some time now, every time I activate the Igraal bar, the page of the site turns white and there is this in the page info:http://track.effiliation.com/servlet/effi.click?id_compteur=12356882&effi_id=igraal16ef4ae743__tHow can I fix this issue???Thanks in advanceConfiguration: Windows 7 / Chrome 23.0.1271.97

juju666 · Answer

Hello,  igraal is suspicious and is tracking (information theft).  I suggest we delete it together, okay?  See you +  --  .::. Security Contributor - Admin FEC Forums .::.

gwendu41000 · Answer

yet I have been using it for years without any particular problem. I am willing to delete it.

juju666 · Answer

Well, in your opinion, why is it removed by plenty of disinfecting software? lol

▶ Download from this page: AdwCleaner (by Xplode)

▶ Run it

click on Remove and wait for the cleaning process to finish.

▶ Post the content of the report that you will find on your hard drive c:\ADwcleaner[Sx].txt or its content if it opens.

--
.::. Security Contributor - Admin FEC Forums .::.

gwendu41000 · Answer

REPORT:

# AdwCleaner v2.105 - Report created on 09/01/2013 at 09:29:36
# Updated on 08/01/2013 by Xplode
# Operating System: Windows 7 Home Premium Service Pack 1 (64 bits)
# Username: damsgwennoa - DAMSGWENNOA-PC
# Boot Mode: Normal
# Executed from: C:\Users\damsgwennoa\Downloads\AdwCleaner.exe
# Option [Removal]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted: C:\Program Files (x86)\BrowserCompanion
Folder Deleted: C:\Program Files (x86)\Conduit
Folder Deleted: C:\Program Files (x86)\EoRezo
Folder Deleted: C:\Program Files (x86)\Mozilla Firefox\Extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
Folder Deleted: C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Deleted: C:\Program Files (x86)\OfferBox
Folder Deleted: C:\ProgramData\Babylon
Folder Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EoRezo
Folder Deleted: C:\Users\damsgwennoa\AppData\Local\Conduit
Folder Deleted: C:\Users\damsgwennoa\AppData\Local\EoJet
Folder Deleted: C:\Users\damsgwennoa\AppData\Local\EoRezo
Folder Deleted: C:\Users\damsgwennoa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf
Folder Deleted: C:\Users\damsgwennoa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgficikadnmmefckdecajlmffkbagomp
Folder Deleted: C:\Users\damsgwennoa\AppData\LocalLow\BabylonToolbar
Folder Deleted: C:\Users\damsgwennoa\AppData\LocalLow\bbrs_002.tb
Folder Deleted: C:\Users\damsgwennoa\AppData\LocalLow\Billeo
Folder Deleted: C:\Users\damsgwennoa\AppData\LocalLow\Conduit
Folder Deleted: C:\Users\damsgwennoa\AppData\LocalLow\jeuxob.fr
Folder Deleted: C:\Users\damsgwennoa\AppData\LocalLow\PriceGong
Folder Deleted: C:\Users\damsgwennoa\AppData\LocalLow\SweetIM
Folder Deleted: C:\Users\damsgwennoa\AppData\LocalLow\Toolbar4
Folder Deleted: C:\Users\damsgwennoa\AppData\Roaming\Babylon
Folder Deleted: C:\Users\damsgwennoa\AppData\Roaming\BrowserCompanion
Folder Deleted: C:\Users\damsgwennoa\AppData\Roaming\cacaoweb
Folder Deleted: C:\Users\damsgwennoa\AppData\Roaming\EoRezo
Folder Deleted: C:\Users\damsgwennoa\AppData\Roaming\HBLite
Folder Deleted: C:\Users\damsgwennoa\AppData\Roaming\Mozilla\Firefox\Profiles\yie946gp.default\Conduit
Folder Deleted: C:\Users\damsgwennoa\AppData\Roaming\Mozilla\Firefox\Profiles\yie946gp.default\ConduitCommon
Folder Deleted: C:\Users\damsgwennoa\AppData\Roaming\Mozilla\Firefox\Profiles\yie946gp.default\extensions\bbrs_002@blabbers.com
Folder Deleted: C:\Users\damsgwennoa\AppData\Roaming\Mozilla\Firefox\Profiles\yie946gp.default\extensions\cacaoweb@cacaoweb.org
Folder Deleted: C:\Users\damsgwennoa\AppData\Roaming\OfferBox
Folder Deleted: C:\Users\damsgwennoa\AppData\Roaming\OpenCandy
File Deleted: C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted: C:\Users\damsgwennoa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk
File Deleted: C:\Users\damsgwennoa\AppData\Roaming\Mozilla\Firefox\Profiles\yie946gp.default\searchplugins\Conduit.xml
File Deleted: C:\Users\damsgwennoa\AppData\Roaming\Mozilla\Firefox\Profiles\yie946gp.default\searchplugins\MyStart Search.xml
File Deleted: C:\Users\damsgwennoa\AppData\Roaming\Mozilla\Firefox\Profiles\yie946gp.default\searchplugins\Web Search.xml
File Deleted: C:\Users\damsgwennoa\AppData\Roaming\Mozilla\Firefox\Profiles\yie946gp.default\searchplugins\yahoo-zugo.xml

***** [Registry] *****

Key Deleted: HKCU\Software\AppDataLow\Software\Conduit
Key Deleted: HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted: HKCU\Software\AppDataLow\Software\jeuxob.fr
Key Deleted: HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted: HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted: HKCU\Software\Billeo
Key Deleted: HKCU\Software\Blabbers
Key Deleted: HKCU\Software\cacaoweb
Key Deleted: HKCU\Software\EoRezo
Key Deleted: HKCU\Software\IM
Key Deleted: HKCU\Software\ImInstaller
Key Deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F78E6501-B9DE-48B9-B86C-6DA8542CCC4E}
Key Deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Key Deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Key Deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DC4AB053-EB62-445B-A802-E7D0111BBDCC}
Key Deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F78E6501-B9DE-48B9-B86C-6DA8542CCC4E}
Key Deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Key Deleted: HKCU\Software\Offerbox
Key Deleted: HKCU\Software\Softonic
Key Deleted: HKCU\Software\Zugo
Key Deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}
Key Deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}
Key Deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted: HKLM\Software\Babylon
Key Deleted: HKLM\Software\BrowserCompanion
Key Deleted: HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Deleted: HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted: HKLM\SOFTWARE\Classes\AppID\{AFBB7970-789A-4264-BA70-E8127DECE400}
Key Deleted: HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Deleted: HKLM\SOFTWARE\Classes\AppID\EoEngineBHO.DLL
Key Deleted: HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted: HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Deleted: HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Deleted: HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted: HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted: HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Key Deleted: HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Key Deleted: HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Key Deleted: HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Key Deleted: HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Key Deleted: HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Key Deleted: HKLM\SOFTWARE\Classes\Toolbar.CT2545112
Key Deleted: HKLM\SOFTWARE\Classes\Toolbar.CT2612669
Key Deleted: HKLM\SOFTWARE\Classes\Toolbar.CT2724386
Key Deleted: HKLM\SOFTWARE\Classes\Toolbar.CT3214568
Key Deleted: HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted: HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Key Deleted: HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Key Deleted: HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Key Deleted: HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Key Deleted: HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Key Deleted: HKLM\Software\Conduit
Key Deleted: HKLM\Software\EoRezo
Key Deleted: HKLM\Software\Iminent
Key Deleted: HKLM\Software\ImInstaller
Key Deleted: HKLM\Software\jeuxob.fr
Key Deleted: HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted: HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE}
Key Deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4E674574-3F0B-491D-8AE3-F90B43A34FD6}
Key Deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DC4AB053-EB62-445B-A802-E7D0111BBDCC}
Key Deleted: HKLM\Software\Offerbox
Key Deleted: HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted: HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Key Deleted: HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Deleted: HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted: HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F78E6501-B9DE-48B9-B86C-6DA8542CCC4E}
Key Deleted: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Deleted: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Deleted: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted: HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Key Deleted: HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Key Deleted: HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kgficikadnmmefckdecajlmffkbagomp
Key Deleted: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
Key Deleted: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Deleted: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F78E6501-B9DE-48B9-B86C-6DA8542CCC4E}
Key Deleted: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Key Deleted: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1
Key Deleted: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EoRezo_is1
Key Deleted: HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted: HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted: HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted: HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Deleted: HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted: HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Deleted: HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted: HKLM\SOFTWARE\Classes\Interface\{B32966A2-F7C2-4362-A6CF-399EC8B44110}
Key Deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}
Value Deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F78E6501-B9DE-48B9-B86C-6DA8542CCC4E}]
Value Deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [cacaoweb]
Value Deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F78E6501-B9DE-48B9-B86C-6DA8542CCC4E}]
Value Deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [EoWeather]
Value Deleted: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted: HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F78E6501-B9DE-48B9-B86C-6DA8542CCC4E}]
Value Deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced: [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=115284&tt=4312_7&babsrc=NT_ss&mntrId=9882d626000000000000f80f410114ca --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (fr)

File: C:\Users\damsgwennoa\AppData\Roaming\Mozilla\Firefox\Profiles\24f5iyvf.default\prefs.js

[OK] The file contains no illegitimate entries.

File: C:\Users\damsgwennoa\AppData\Roaming\Mozilla\Firefox\Profiles\yie946gp.default\prefs.js

C:\Users\damsgwennoa\AppData\Roaming\Mozilla\Firefox\Profiles\yie946gp.default\user.js ... Deleted!

Deleted: user_pref("CT1561552_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted: user_pref("CT2724386..clientLogIsEnabled", true);
Deleted: user_pref("CT2724386..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted: user_pref("CT2724386..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted: user_pref("CT2724386.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted: user_pref("CT2724386.AppTrackingLastCheckTime", "Sat Oct 01 2011 10:49:31 GMT+0200");
Deleted: user_pref("CT2724386.BrowserCompStateIsOpen_129464706887642629", true);
Deleted: user_pref("CT2724386.CT2724407.CommunityChanged", true);
Deleted: user_pref("CT2724386.CT2724407.alertChannelId", "1116673");
Deleted: user_pref("CT2724386.CT2724431.CommunityChanged", true);
Deleted: user_pref("CT2724386.CT2724431.alertChannelId", "1116697");
Deleted: user_pref("CT2724386.CT2727162.CommunityChanged", true);
Deleted: user_pref("CT2724386.CT2727162.alertChannelId", "1119424");
Deleted: user_pref("CT2724386.CT2727622.CommunityChanged", true);
Deleted: user_pref("CT2724386.CT2727622.alertChannelId", "1119884");
Deleted: user_pref("CT2724386.CT2727646.CommunityChanged", true);
Deleted: user_pref("CT2724386.CT2727646.alertChannelId", "1119908");
Deleted: user_pref("CT2724386.CT2727678.CommunityChanged", true);
Deleted: user_pref("CT2724386.CT2727678.alertChannelId", "1119940");
Deleted: user_pref("CT2724386.CT2727750.CommunityChanged", true);
Deleted: user_pref("CT2724386.CT2727750.alertChannelId", "1120012");
Deleted: user_pref("CT2724386.CTID", "CT2724386");
Deleted: user_pref("CT2724386.CommunitiesChangesLastCheckTime", "Sat Oct 08 2011 17:34:13 GMT+0200");
Deleted: user_pref("CT2724386.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...]
Deleted: user_pref("CT2724386.CommunityChanged", true);
Deleted: user_pref("CT2724386.CurrentServerDate", "8-10-2011");
Deleted: user_pref("CT2724386.DialogsAlignMode", "LTR");
Deleted: user_pref("CT2724386.DialogsGetterLastCheckTime", "Thu Oct 06 2011 21:10:52 GMT+0200");
Deleted: user_pref("CT2724386.DownloadReferralCookieData", "");
Deleted: user_pref("CT2724386.FirstServerDate", "25-5-2011");
Deleted: user_pref("CT2724386.FirstTime", true);
Deleted: user_pref("CT2724386.FirstTimeFF3", true);
Deleted: user_pref("CT2724386.FixPageNotFoundErrors", false);
Deleted: user_pref("CT2724386.GroupingLastCheckTime", "Sat Oct 08 2011 13:25:21 GMT+0200");
Deleted: user_pref("CT2724386.GroupingLastErrorCode", "");
Deleted: user_pref("CT2724386.GroupingLastResponse", true);
Deleted: user_pref("CT2724386.GroupingLastServerUpdateTime", "129590912300000000");
Deleted: user_pref("CT2724386.GroupingServerCheckInterval", 1440);
Deleted: user_pref("CT2724386.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted: user_pref("CT2724386.HasUserGlobalKeys", true);
Deleted: user_pref("CT2724386.HomePageProtectorEnabled", false);
Deleted: user_pref("CT2724386.Initialize", true);
Deleted: user_pref("CT2724386.InitializeCommonPrefs", true);
Deleted: user_pref("CT2724386.InstallationAndCookieDataSentCount", 3);
Deleted: user_pref("CT2724386.InstallationId", "StubInstaller");
Deleted: user_pref("CT2724386.InstallationType", "ConduitIntegration");
Deleted: user_pref("CT2724386.InstalledDate", "Tue May 24 2011 23:57:04 GMT+0200");
Deleted: user_pref("CT2724386.InvalidateCache", false);
Deleted: user_pref("CT2724386.IsAlertDBUpdated", true);
Deleted: user_pref("CT2724386.IsGrouping", true);
Deleted: user_pref("CT2724386.IsMulticommunity", false);
Deleted: user_pref("CT2724386.IsOpenThankYouPage", false);
Deleted: user_pref("CT2724386.IsOpenUninstallPage", true);
Deleted: user_pref("CT2724386.LanguagePackLastCheckTime", "Sat Oct 08 2011 13:25:22 GMT+0200");
Deleted: user_pref("CT2724386.LanguagePackReloadIntervalMM", 1440);
Deleted: user_pref("CT2724386.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted: user_pref("CT2724386.LastLogin_3.3.3.2", "Thu Jun 16 2011 17:32:59 GMT+0200");
Deleted: user_pref("CT2724386.LastLogin_3.3.5.1", "Fri Jul 01 2011 10:10:12 GMT+0200");
Deleted: user_pref("CT2724386.LastLogin_3.5.0.12", "Mon Aug 15 2011 23:31:11 GMT+0200");
Deleted: user_pref("CT2724386.LastLogin_3.6.0.10", "Wed Sep 28 2011 07:35:30 GMT+0200");
Deleted: user_pref("CT2724386.LastLogin_3.7.0.6", "Sat Oct 08 2011 17:34:14 GMT+0200");
Deleted: user_pref("CT2724386.LatestVersion", "3.7.0.6");
Deleted: user_pref("CT2724386.Locale", "en");
Deleted: user_pref("CT2724386.MCDetectTooltipHeight", "83");
Deleted: user_pref("CT2724386.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted: user_pref("CT2724386.MCDetectTooltipWidth", "295");
Deleted: user_pref("CT2724386.MyStuffEnabledAtInstallation", true);
Deleted: user_pref("CT2724386.RadioIsPodcast", false);
Deleted: user_pref("CT2724386.RadioLastCheckTime", "Fri Aug 12 2011 01:13:23 GMT+0200");
Deleted: user_pref("CT2724386.RadioLastUpdateIPServer", "3");
Deleted: user_pref("CT2724386.RadioLastUpdateServer", "129249036863500000");
Deleted: user_pref("CT2724386.RadioMediaID", "21080104");
Deleted: user_pref("CT2724386.RadioMediaType", "Media Player");
Deleted: user_pref("CT2724386.RadioMenuSelectedID", "EBRadioMenu_CT2724386_RECENT21080104");
Deleted: user_pref("CT2724386.RadioShrinkedFromSetup", false);
Deleted: user_pref("CT2724386.RadioStationName", "Underground%20Rap");
Deleted: user_pref("CT2724386.RadioStationURL", "hxxp://Raw.RauteMusik.FM/listen.asx");
Deleted: user_pref("CT2724386.RadioVolume", "96");
Deleted: user_pref("CT2724386.SHRINK_TOOLBAR", 1);
Deleted: user_pref("CT2724386.SearchBoxWidth", 149);
Deleted: user_pref("CT2724386.SearchEngineBeforeUnload", "Google");
Deleted: user_pref("CT2724386.SearchFromAddressBarIsInit", true);
Deleted: user_pref("CT2724386.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT272[...]
Deleted: user_pref("CT2724386.SearchInNewTabEnabled", true);
Deleted: user_pref("CT2724386.SearchInNewTabIntervalMM", 1440);
Deleted: user_pref("CT2724386.SearchInNewTabLastCheckTime", "Sat Oct 08 2011 13:25:21 GMT+0200");
Deleted: user_pref("CT2724386.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted: user_pref("CT2724386.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted: user_pref("CT2724386.SearchProtectorEnabled", false);
Deleted: user_pref("CT2724386.SearchProtectorToolbarDisabled", true);
Deleted: user_pref("CT2724386.ServiceMapLastCheckTime", "Fri Oct 07 2011 18:55:05 GMT+0200");
Deleted: user_pref("CT2724386.SettingsLastCheckTime", "Sat Oct 08 2011 17:02:25 GMT+0200");
Deleted: user_pref("CT2724386.SettingsLastUpdate", "1314606830");
Deleted: user_pref("CT2724386.SuggestWindowWidth", "94");
Deleted: user_pref("CT2724386.ThirdPartyComponentsInterval", 504);
Deleted: user_pref("CT2724386.ThirdPartyComponentsLastCheck", "Wed Sep 28 2011 18:02:31 GMT+0200");
Deleted: user_pref("CT2724386.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted: user_pref("CT2724386.ToolbarDisabled", true);
Deleted: user_pref("CT2724386.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2724386");
Deleted: user_pref("CT2724386.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted: user_pref("CT2724386.UserID", "UN22902292249720402");
Deleted: user_pref("CT2724386.ValidationData_Search", 2);
Deleted: user_pref("CT2724386.ValidationData_Toolbar", 2);
Deleted: user_pref("CT2724386.WeatherNetwork", "");
Deleted: user_pref("CT2724386.WeatherPollDate", "Fri Aug 12 2011 09:31:03 GMT+0200");
Deleted: user_pref("CT2724386.WeatherUnit", "C");
Deleted: user_pref("CT2724386.alertChannelId", "1116652");
Deleted: user_pref("CT2724386.components.1000048", false);
Deleted: user_pref("CT2724386.components.1000080", false);
Deleted: user_pref("CT2724386.components.1000082", false);
Deleted: user_pref("CT2724386.components.1000234", false);
Deleted: user_pref("CT2724386.components.129248963349915487", false);
Deleted: user_pref("CT2724386.components.129248964061947202", false);
Deleted: user_pref("CT2724386.components.129248964422728031", false);
Deleted: user_pref("CT2724386.components.129464706887642629", false);
Deleted: user_pref("CT2724386.components.129464706887955131", false);
Deleted: user_pref("CT2724386.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted: user_pref("CT2724386.globalFirstTimeInfoLastCheckTime", "Sat Oct 08 2011 17:34:14 GMT+0200");
Deleted: user_pref("CT2724386.homepageProtectorEnableByLogin", true);
Deleted: user_pref("CT2724386.initDone", true);
Deleted: user_pref("CT2724386.isAppTrackingManagerOn", true);
Deleted: user_pref("CT2724386.isFirstRadioInstallation", false);
Deleted: user_pref("CT2724386.myStuffEnabled", true);
Deleted: user_pref("CT2724386.myStuffPublihserMinWidth", 400);
Deleted: user_pref("CT2724386.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted: user_pref("CT2724386.myStuffServiceIntervalMM", 1440);
Deleted: user_pref("CT2724386.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted: user_pref("CT2724386.oldAppsList", "200,129248961427290040,129248961427290041,1000048,111,1000234,12[...]
Deleted: user_pref("CT2724386.revertSettingsEnabled", false);
Deleted: user_pref("CT2724386.searchProtectorDialogDelayInSec", 10);
Deleted: user_pref("CT2724386.searchProtectorEnableByLogin", true);
Deleted: user_pref("CT2724386.testingCtid", "");
Deleted: user_pref("CT2724386.toolbarAppMetaDataLastCheckTime", "Fri Oct 07 2011 18:55:05 GMT+0200");
Deleted: user_pref("CT2724386.toolbarContextMenuLastCheckTime", "Fri Oct 07 2011 18:55:06 GMT+0200");
Deleted: user_pref("CT2724386.usagesFlag", 2);
Deleted: user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2612669&Search[...]
Deleted: user_pref("CommunityToolbar.ConduitSearchList", "IMVU Inc Customized Web Search");
Deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1005466/1001181/FR", "\"0\"[...]
Deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1116652/1112356/FR", "\"0\"[...]
Deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1116673/1112377/FR", "\"0\"[...]
Deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1116697/1112401/FR", "\"0\"[...]
Deleted

juju666 · Answer

Waaaw, you're loaded with adware :(  &#9654 Download and install Malwarebytes' Anti-Malware (MBAM).  &#9654 Run it. Accept the update.    &#x25CF; Only in case of update issues:  &#x25CF; Download manual MBAM updates  &#x25CF; Run the file after installing MBAM    &#9654 Select "Run a full scan" &#9654 Click "Search" &#9654 The scan starts, it’s relatively long, that’s normal.  At the end of the scan, a message appears:   Quote:   The scan completed normally. Click on 'View Results' to see all the items found.  &#9654 Click "Ok" to continue. If MBAM didn’t find anything, it will also let you know. &#9654 Close your browsers. &#9654 If malware has been detected, click on View Results. &#9654 Select all (or leave checked) and click Remove Selection, MBAM will delete the files and registry keys and put a copy in quarantine.  MBAM will open Notepad and copy the scan report there: close it.  If MBAM asks to restart the PC: &#9654 do it.  Upon restart, reopen MBAM, go to the "Report/Logs" tab, copy/paste the one corresponding to the scan performed.  --  .::. Security Contributor - Admin FEC Forums .::.

gwendu41000 · Answer

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.09.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
damsgwennoa :: DAMSGWENNOA-PC [administrator]

Protection: Enabled

01/09/2013 12:00:56
mbam-log-2013-01-09 (12-00-56).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristic/Extra | Heuristic/Shuriken | PUP | PUM
Scan options disabled: P2P
Item(s) scanned: 389808
Elapsed time: 1 hour(s), 55 second(s)

Detected memory processes: 0
(No malicious items detected)

Detected memory modules: 0
(No malicious items detected)

Detected Registry key(s): 0
(No malicious items detected)

Detected Registry value(s): 0
(No malicious items detected)

Detected Registry data item(s): 0
(No malicious items detected)

Detected folder(s): 0
(No malicious items detected)

Detected file(s): 4
C:\Users\damsgwennoa\Downloads\SoftonicDownloader_for_fbdownloader.exe (PUP.OfferBundler.ST) -> Successfully quarantined and removed.
C:\Users\damsgwennoa\Downloads\SoftonicDownloader_for_tunatic(1).exe (PUP.OfferBundler.ST) -> Successfully quarantined and removed.
C:\Users\damsgwennoa\Downloads\SoftonicDownloader_for_tunatic.exe (PUP.OfferBundler.ST) -> Successfully quarantined and removed.
C:\Users\damsgwennoa\Downloads\WebPlayer.exe (Adware.Dropper) -> Successfully quarantined and removed.

(end)

juju666 · Answer

Avoid downloading from Softonic and 01Net, they're trash!

Be careful what you install:
Additional software is often offered (toolbars, adware) through the installation of free software in general or via certain download sites like Softonic or 01Net.
The publisher makes money with each successful installation of these additional programs (kind of sponsorship), and your PC ends up with toolbars that slow down the browser or adware that opens ad popups.
The toolbars are there to affiliate you to a service (search engine from Yahoo! or Google), they add functionalities but generally browsers have them by default.
Moreover, they record the sites you visit to transmit (tracking) for targeted advertising, which isn't great for privacy protection.
Multiple toolbars slow down the PC and can crash web browsers.
In the end, it's not recommended to use them.

Finally, the accumulation of these programs slows down the computer/web browser.

These additional programs are offered during the installation of programs and very often these add-ons are pre-checked.
Therefore, when you install a program, be sure to read what's offered because you might end up installing toolbars without realizing it.

Read about PUPs/LPIs: https://www.malekal.com/adwares-pup-protection/

See also: http://tigzyrk.blogspot.be/2012/06/info-01net-comment-monetiser-sur-le-dos.html

=========================

Download here: OTL

▶ save it to your Desktop.

if you have XP => double click
if you have Vista or Windows 7 => right-click "run as...."

on OTL.exe to launch it.

▶ Click here to see the Configuration
Note: if the option "With 64-bit scans" appears, check it.

▶ Copy and paste the content below in bold into the lower part of OTL "Customization"

/md5start
explorer.exe
winlogon.exe
wininit.exe
services.exe
volsnap.sys
atapi.sys
ndisuio.sys
net.exe
tdx.sys
netbt.sys
afd.sys
net1.exe
Rundll32.exe
/md5stop
netsvcs
safebootminimal
safebootnetwork
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\system32\*.ini
%systemroot%\Tasks\*.*
%systemroot%\system32\Tasks\*.*
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\config\*.exe /s
%systemroot%\system32\*.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
CREATERESTOREPOINT
SAVEMBR:0

▶ Click on Analyze.

At the end of the scan, Notepad will open with the report (OTL.txt).

This file is on your Desktop (generally C:\Documents and settings\your_username\<Desktop>\OTL.txt)

▶▶▶ DO NOT POST IT ON THE FORUM (it's too long)

host OTL.txt and extra.txt on FEC Upload and provide the obtained links in return

--
.::. Security Contributor - Admin FEC Forums .::.

gwendu41000 · Answer

OTL :  Download link: https://forums-fec.be/upload/www/?action=d&id=6208161731 Deletion link: https://forums-fec.be/upload/www/?action=r&id=6208161731&removeid=2014958152   EXTRA :  Download link: https://forums-fec.be/upload/www/?action=d&id=6567863675 Deletion link: https://forums-fec.be/upload/www/?action=r&id=6567863675&removeid=3792839881

juju666 · Answer

Java and Adobe not updated => security vulnerabilities.
We'll see about that later ;)

=====================

Uninstall Spybot, it's useless

=====================

WARNING !!!: Custom script for this machine only, do not replicate!!

If you have XP => double click
If you have Vista or Windows 7 => right click "run as...."

on OTL.exe to launch it.

▶Copy the list that is in bold below,

▶ paste it in the area under "Customization":

:OTL
IE - HKU\S-1-5-21-1490009685-1439192658-2856458661-1000\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = http://search.conduit.com/?SearchSource=10&ctid=CT2456781
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKU\S-1-5-21-1490009685-1439192658-2856458661-1000\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-1490009685-1439192658-2856458661-1000\..\RunOnce: [SpybotDeletingB1808] command.com /c del "C:\ProgramData\HBLiteSA\HBLiteSA_kyf.dat" File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9159A1E6-6CDA-4AF7-8BDC-B99596A40793}: NameServer = 178.33.41.181,88.191.223.122
[2011/04/22 08:10:39 | 000,000,000 | ---D | M] -- C:\Users\damsgwennoa\AppData\Roaming\KyuubiBarre
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:6622852D
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:14168AA3
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:3ED99525

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{CEC48C9C-8A20-4B23-B44C-D92D7851E89D}C:\users\damsgwennoa\appdata\roaming\cacaoweb\cacaoweb.exe"=-
"UDP Query User{C213D49A-E210-417E-A3D7-5324D0965100}C:\users\damsgwennoa\appdata\roaming\cacaoweb\cacaoweb.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=-
"eoJet_is1"=-

:Commands
[EMPTYTEMP]

▶ Click on "Fix" to start the deletion.

▶ Post the log report which will logically open automatically at the end of the work after the reboot.

--
.::. Security Contributor - Admin FEC Forums .::.

gwendu41000 · Answer

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1490009685-1439192658-2856458661-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1490009685-1439192658-2856458661-1000\\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1490009685-1439192658-2856458661-1000\\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB1808 deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9159A1E6-6CDA-4AF7-8BDC-B99596A40793}\\NameServer| /E : value set successfully!
C:\Users\damsgwennoa\AppData\Roaming\KyuubiBarre\Resources folder moved successfully.
C:\Users\damsgwennoa\AppData\Roaming\KyuubiBarre folder moved successfully.
ADS C:\ProgramData\Temp:93EB7685 deleted successfully.
ADS C:\ProgramData\Temp:6622852D deleted successfully.
ADS C:\ProgramData\Temp:E1F04E8D deleted successfully.
ADS C:\ProgramData\Temp:798A3728 deleted successfully.
ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.
ADS C:\ProgramData\Temp:E3C56885 deleted successfully.
ADS C:\ProgramData\Temp:14168AA3 deleted successfully.
ADS C:\ProgramData\Temp:3ED99525 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CEC48C9C-8A20-4B23-B44C-D92D7851E89D}C:\users\damsgwennoa\appdata\roaming\cacaoweb\cacaoweb.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C213D49A-E210-417E-A3D7-5324D0965100}C:\users\damsgwennoa\appdata\roaming\cacaoweb\cacaoweb.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\eoJet_is1 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: damsgwennoa
->Temp folder emptied: 7624993492 bytes
->Temporary Internet Files folder emptied: 48778703 bytes
->Java cache emptied: 7409478 bytes
->FireFox cache emptied: 68296710 bytes
->Google Chrome cache emptied: 388831180 bytes
->Flash cache emptied: 100546 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 69356629 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85548 bytes
RecycleBin emptied: 7506758084 bytes

Total Files Cleaned = 14 987,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01092013_161237

Files\Folders moved on Reboot...
C:\Users\damsgwennoa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\damsgwennoa\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\damsgwennoa\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\damsgwennoa\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\damsgwennoa\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\damsgwennoa\AppData\Local\Google\Chrome\User Data\Default\Cache\data_4 moved successfully.
C:\Users\damsgwennoa\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

juju666 · Answer

super cleaning : https://forums-fec.be/entraide/viewtopic.php?f=11&t=229  --  .::. Contributor Security - Admin FEC Forums .::.

gwendu41000 · Answer

# DelFix v10.0 - Report created on 01/09/2013 at 19:26:08
# Updated on 01/04/2013 by Xplode
# Username: damsgwennoa - DAMSGWENNOA-PC

~ Removal of disinfecting tools ...

Removed: C:\Navilog1
Removed: C:\_OTL
Removed: C:\Program Files (x86)\FixLop
Removed: C:\Program Files (x86)\Navilog1
Removed: C:\AdwCleaner[S1].txt
Removed: C:\cleannavi.txt
Removed: C:\FixLop[CLEAN].txt
Removed: C:\FixLop[RECH].txt
Removed: C:\Users\damsgwennoa\Downloads\AdwCleaner.exe
Removed: C:\Users\damsgwennoa\Downloads\Extras.Txt
Removed: C:\Users\damsgwennoa\Downloads\FixLop.exe
Removed: C:\Users\damsgwennoa\Downloads\Navilog1(1).exe
Removed: C:\Users\damsgwennoa\Downloads\Navilog1.exe
Removed: C:\Users\damsgwennoa\Downloads\OTL (1).Txt
Removed: C:\Users\damsgwennoa\Downloads\OTL.Txt
Removed: C:\Users\damsgwennoa\Downloads\OTL (1).exe
Removed: C:\Users\damsgwennoa\Downloads\OTL.exe
Removed: HKLM\SOFTWARE\OldTimer Tools
Removed: HKLM\SOFTWARE\AdwCleaner

########## - EOF - ##########

juju666 · Answer

perfect :D  --  .::. Security Contributor - FEC Forums Admin .::.

gwendu41000 · Answer

RaProducts' PureRa v1.7
Log created at 19:28 on 09/01/2013 (damsgwennoa)

C:\Config.MSI emptied.
C:\Users\damsgwennoa\AppData\LocalLow\Microsoft\CryptNetURLCache\Content emptied.
C:\Users\damsgwennoa\AppData\LocalLow\Microsoft\CryptNetURLCache\MetaData emptied.
C:\Windows\system32\FNTCACHE.DAT <- The specified file is not found.
Recycle bin emptied.
C:\ProgramData\Spybot - Search & Destroy\Logs emptied.
C:\Windows\SoftwareDistribution\DataStore\Logs emptied.
C:\Windows\SoftwareDistribution\Download emptied.
C:\Windows\SoftwareDistribution\SelfUpdate\Default emptied.
C:\Windows\SoftwareDistribution\WuRedir emptied.
C:\Windows\SoftwareDistribution\ReportingEvents.log <- The process cannot access the file because it is being used by another process.
C:\Users\DAMSGW~1\AppData\Local\Temp emptied.
C:\Windows\TEMP emptied.
C:\Users\damsgwennoa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db <- Successfully deleted.
C:\Users\damsgwennoa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db <- Successfully deleted.
C:\Users\damsgwennoa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db <- Successfully deleted.
C:\Users\damsgwennoa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db <- Successfully deleted.
C:\Users\damsgwennoa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db <- Successfully deleted.
C:\Users\damsgwennoa\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db <- Successfully deleted.

Total space cleaned: 105.06 MB

Total space cleaned: 105.06 MB

-=E.O.F=-

juju666 · Answer

and there you go, 105 MB saved ^^  --  .::. Security Contributor - FEC Forums Admin .::.

gwendu41000 · Answer

Thank you very much for your help. So is everything good now, nothing else to do??

juju666 · Answer

if you followed everything, no :-)  --  .::. Security Contributor - Admin FEC Forums .::.

gwendu41000 · Answer

Okay. So it's good ;) thank you very much for your help :)

juju666 · Answer

You're welcome!  --  .::. Security Contributor - FEC Forums Admin .::.

Track.effiliation

19 réponses

Texture issues in enshrouded

Old lullaby

Unable to connect to freebox os

Edit ad on leboncoin for free

Freebox wifi password

Computer tower that won't turn on

Blocked: are my messages still being delivered?

Video intercom inspector

Your computer can't use another display.

Fransat decoder stuck