SEARCH

The How-To Geek Forums Have Migrated to Discourse

How-To Geek Forums / Windows 7

Browser possibly getting hijacked

(48 posts)
  • Started 1 year ago by joefuf
  • Latest reply from StringJunky
  • Topic Viewed 2553 times

joefuf
Posts: 121

In the last few weeks, I have noticed that clicking links will sometimes being me to one of these links in the picture below. The page never loads, however if I click back, the intended link loads. There is no trend I have noticed related to when this happens (it happens whether I am clicking a Reddit link or a Google link). I am using Waterfox (the 64-bit variant of Firefox) on my Dell running Windows 7 Ultimate.

I have run multiple Malwarebytes full scans since this has started happening and I have no found anything indicative of a virus. The website blocking feature never flags any of these sites while loading.

Is this a known issue?

Posted 1 year ago
Top
 
Fhirkin9
Fhirkin9
Posts: 179

I would say Hijacked, and someone is profiting from those clicks. I did a whois of that IP range and it looks suspicious : "searchanyway" which pays in some manner for clicks. I could be wrong but the evidence is there. http://www.networksolutions.co......15.72.104

Posted 1 year ago
Top
 
GuiltySpark
GuiltySpark
Posts: 4024

Agree with Fhirkin9, check your browser for Toolbars, Add-ons etc, and download CCleaner close browser and run the cleaner.

Posted 1 year ago
Top
 
joefuf
Posts: 121

See anything suspicious in any of these?

http://imgur.com/a/CngzE

Posted 1 year ago
Top
 
GuiltySpark
GuiltySpark
Posts: 4024

Doesn't look like there should be problems there.

Did you try CCleaner ?

Also (just to rule them out) try starting your browser with add-ons disabled.

Posted 1 year ago
Top
 
joefuf
Posts: 121

Haven't tried CCleaner today, but I run that almost once a week. I've definitely run it since this problem started.

Heading into an exam now, but check back in three hours and I will update you on starting with add-ons disabled.

Posted 1 year ago
Top
 
joefuf
Posts: 121

I used CCleaner and that was working until just now. I just got redirected again, but this time, something loaded on the page:

The link goes to this address:

http://click.livesearchnow.com.....7-15-35-05

I have not clicked it.

I am not sure how to start Waterfox without add ons...

Posted 1 year ago
Top
 
warlock
warlock
Posts: 4100

http://www.malwarebytes.org Try the free version of this.

Posted 1 year ago
Top
 
joefuf
Posts: 121

I use the Pro version and that doesn't get anything when I scan. Is the free version going to do something different?

Posted 1 year ago
Top
 
warlock
warlock
Posts: 4100

Probably not, didn't say you used it in your posting. Are your using the full scan?

Posted 1 year ago
Top
 
joefuf
Posts: 121

Yeah, I do full scans. I posted that below the picture in my original post. Probably should have written it above the picture. My bad.

Posted 1 year ago
Top
 
warlock
warlock
Posts: 4100

http://blog.ffextensionguru.co.....re-mishap/ Maybe read through this see if it might apply.

Posted 1 year ago
Top
 
StringJunky
StringJunky
Posts: 2454

Have a go with this. Just install > Click Search > If the log shows something click Delete > Reboot. This is designed for browser and search crap.

http://www.softpedia.com/get/A.....aner.shtml

Tony

Posted 1 year ago
Top
 
joefuf
Posts: 121

Tony, here is the log that followed the scan. Do you see anything here?

# AdwCleaner v2.113 - Logfile created 02/27/2013 at 20:34:39
# Updated 23/02/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Jeff - JEFF
# Boot Mode : Normal
# Running from : C:\Users\Jeff\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\h9klukkn.default\searchplugins\daemon-search.xml
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Viewpoint
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Viewpoint
Folder Found : C:\Users\Jeff\AppData\Local\Conduit
Folder Found : C:\Users\Jeff\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Jeff\AppData\LocalLow\Conduit
Folder Found : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\h9klukkn.default\Conduit
Folder Found : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\h9klukkn.default\CT1060933
Folder Found : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\h9klukkn.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Folder Found : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\h9klukkn.default\FCTB
Folder Found : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\h9klukkn.default\jetpack

***** [Registry] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Ask&Record
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Iminent
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\Orbit\OpenCandy
Key Found : HKLM\Software\Viewpoint
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKU\S-1-5-21-2492272126-1598020779-2127758990-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-2492272126-1598020779-2127758990-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Found : HKU\S-1-5-21-2492272126-1598020779-2127758990-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKU\S-1-5-21-2492272126-1598020779-2127758990-1018\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-2492272126-1598020779-2127758990-1018\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Found : HKU\S-1-5-21-2492272126-1598020779-2127758990-1018\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={4D61A652-C560-487C-93F9-87E59E692CD2}&mid=bf1b429bf3d4431992fcf65403e8d46b-b602d594afd2b0b327e07a06f36ca6a7e42546d0&lang=en&ds=ip011&pr=sa&d=2012-08-30 11:35:34&v=12.1.0.20&sap=hp

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\etp80ct6.New Profile\prefs.js

Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");

File : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\h9klukkn.default\prefs.js

Found : user_pref("CT1060933.SearchProtectorToolbarDisabled", true);
Found : user_pref("CT1060933.ToolbarDisabled", true);
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("extensions.DivXWebPlayer@divx.com.install-event-fired", true);
Found : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,%7B2d3fbcf7-be69-4433-8858[...]
Found : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=B56921578-efe6-4b28-ab0f-68915605159cD&[...]

File : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\mw8bzlfh.AVGAdobeTest\prefs.js

Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");

File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\eo9qc2nj.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.97

File : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.1899] : homepage = "hxxps://isearch.avg.com/?cid={4D61A652-C560-487C-93F9-87E59E692CD2}&mid=bf1b429bf3d4431992fcf65403e8d46b-b602d594afd2b0b327e07a06f36ca6a7e42546d0&lang=en&ds=ip011&pr=sa&d=2012-08-30 11:35:34&v=12.1.0.20&sap=hp",

*************************

AdwCleaner[R1].txt - [7784 octets] - [27/02/2013 20:34:39]

########## EOF - C:\AdwCleaner[R1].txt - [7844 octets] ##########

Posted 1 year ago
Top
 
joefuf
Posts: 121

I just got redirected in Chrome. I didn't have a chance to take a screenshot, but it went to one of the IP addresses when I was trying to go to a B&H site and then I went to a click.livesearchnow.com link... I don't think it's an add-on in Waterfox, it must be adware or malware... Running another full-scan of Malwarebytes now.

Posted 1 year ago
Top
 
StringJunky
StringJunky
Posts: 2454

Everything in that log is toolbars and search pages and possibly something else which you don't need at all. Open Adwcleaner and hit search button again >click off the log > Hit Delete > Reboot. You will get a log of what was deleted showing. Click this off. Open and run the app again. If it looks like this log of mine you are done but if it still shows something run again til it looks like mine.

You might have to start all over again with Chrome setting it up but the others probably will need the home pages resetting to your liking.

Tony

Posted 1 year ago
Top
 
GuiltySpark
GuiltySpark
Posts: 4024

@ joefuf ,

Remove Conduit and Ask from your search engines list and reset your Home page. You may have to go through each browser and do this as they tend to install throughout.

Posted 1 year ago
Top
 
joefuf
Posts: 121

Sorry I dropped out for two days. I had a bit of trouble.

I ended up downloading Ad-Aware Antivirus (which I remembered using back in the day when it was just a scan tool). It found a fair amount of things (one was a toolbar, and I can't remember the rest). I removed things successfully, but the resident shield started to cause me trouble, deleting and disabling things that I had on my computer. I had to uninstall it before it did any more damage. I will try ADW again

Posted 1 year ago
Top
 
StringJunky
StringJunky
Posts: 2454

Let us know how you got on with it.

Tony

Posted 1 year ago
Top
 
joefuf
Posts: 121

This was the report when I ran the scan and clicked Delete:


# AdwCleaner v2.113 - Logfile created 03/03/2013 at 15:26:53
# Updated 23/02/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Jeff - JEFF
# Boot Mode : Normal
# Running from : C:\Users\Jeff\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\h9klukkn.default\searchplugins\daemon-search.xml
Folder Deleted : C:\Program Files (x86)\adawaretb
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Users\Jeff\AppData\Local\Conduit
Folder Deleted : C:\Users\Jeff\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\Jeff\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Jeff\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\h9klukkn.default\Conduit
Folder Deleted : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\h9klukkn.default\CT1060933
Folder Deleted : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\h9klukkn.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Folder Deleted : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\h9klukkn.default\FCTB
Folder Deleted : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\h9klukkn.default\jetpack

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Orbit\OpenCandy
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKU\S-1-5-21-2492272126-1598020779-2127758990-1018\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKU\S-1-5-21-2492272126-1598020779-2127758990-1018\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKU\S-1-5-21-2492272126-1598020779-2127758990-1018\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={4D61A652-C560-487C-93F9-87E59E692CD2}&mid=bf1b429bf3d4431992fcf65403e8d46b-b602d594afd2b0b327e07a06f36ca6a7e42546d0&lang=en&ds=ip011&pr=sa&d=2012-08-30 11:35:34&v=12.1.0.20&sap=hp --> hxxp://www.google.com

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\etp80ct6.New Profile\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

File : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\h9klukkn.default\prefs.js

Deleted : user_pref("CT1060933.SearchProtectorToolbarDisabled", true);
Deleted : user_pref("CT1060933.ToolbarDisabled", true);
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("extensions.DivXWebPlayer@divx.com.install-event-fired", true);
Deleted : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,%7B2d3fbcf7-be69-4433-8858[...]
Deleted : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=B56921578-efe6-4b28-ab0f-68915605159cD&[...]

File : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\mw8bzlfh.AVGAdobeTest\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Google Chrome v25.0.1364.97

File : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1906] : homepage = "hxxps://isearch.avg.com/?cid={4D61A652-C560-487C-93F9-87E59E692CD2}&mid=bf1b429bf3d4[...]

*************************

AdwCleaner[R1].txt - [7919 octets] - [03/03/2013 15:26:22]
AdwCleaner[S1].txt - [7478 octets] - [03/03/2013 15:26:53]

########## EOF - C:\AdwCleaner[S1].txt - [7538 octets] ##########

Posted 1 year ago
Top
 



Topic Closed

This topic has been closed to new replies.

Get Free Articles in Your Inbox!

Join 134,000 newsletter readers

Email:

Go check your email!