
Computer issues


  • This topic is locked
11 replies to this topic

#1 bryandshan

bryandshan

  • Members
  • 14 posts
  • OFFLINE
  • Local time:01:49 AM

Posted 23 November 2012 - 06:02 PM

Hey guys, I am having issues with my computer. It's slow, sluggish, can take forever for things like the Google page or really any page to come up and once it does... it still takes forever to go anywhere on it or type in it anywhere.. Boys just got Xbox Live through wireless and wondering if maybe that is part of the problem. Just not sure. Enclosing a HijackThis log. There is stuff on there and I have no clue as to what it is. Any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:24 PM, on 11/23/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2857572
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KGShareApp] C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236647033866
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236695924156
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 5876 bytes

Edited by bloopie, 23 November 2012 - 11:28 PM.
Mod Edit: Moved from XP to the Malware Removal forum. ~bloopie
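The HijackThis log above is a line-oriented format: R0/R3 records for browser settings, O2 for BHOs, O3 for toolbars, O4 for Run-key autostarts, O23 for services. As an added example, not code from this thread or from Trend Micro's tool, here is a small Python triage script that parses records of that shape and flags the things a log reviewer looks at first: orphaned entries marked `(file missing)` or `(no file)`, a start or search page pointing somewhere other than an expected default, and Run-key binaries given as a bare filename or living in a user-writable profile directory. The sample lines are a subset copied from the log in the post; the expected-host list and the user-writable directory list are assumptions made for the example.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed input: a subset of lines taken from the HijackThis log posted
# above, chosen to cover the R0/R3/O2/O3/O4/O23 record types.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2857572
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""

# Assumption: hosts a stock Windows XP / IE8 start page or search assistant
# would point at. Anything else is reported for the user to confirm.
EXPECTED_PAGE_HOSTS = ("microsoft.com", "msn.com", "google.com")

# Assumption: directories an unprivileged user can write to. An autostart
# binary living there deserves a look because anything could have dropped it.
USER_WRITABLE_DIRS = ("\\local settings\\application data\\", "\\application data\\", "\\temp\\")

RECORD_RE = re.compile(r"^([RFO]\d+) - (.*)$")
O4_RE = re.compile(r"^(?:HKLM|HKCU)[^\[]*\[([^\]]+)\]\s*(.*)$")


@dataclass
class Entry:
    section: str              # record type, e.g. "O4"
    body: str                 # everything after "O4 - "
    flags: list = field(default_factory=list)


def _executable(command: str) -> str:
    """Return the program part of an autostart command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def _expected_host(url: str) -> bool:
    host = (urlsplit(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in EXPECTED_PAGE_HOSTS)


def analyze(log_text: str) -> list:
    """Parse HijackThis records and attach triage flags to each one."""
    entries = []
    for raw in log_text.splitlines():
        m = RECORD_RE.match(raw.strip())
        if not m:
            continue                      # header, process list, blank lines
        entry = Entry(m.group(1), m.group(2))
        lower = entry.body.lower()

        # A record whose target no longer exists is an orphan: harmless by
        # itself, but a leftover of something that was installed and removed.
        if "(file missing)" in lower or "(no file)" in lower:
            entry.flags.append("orphan: target file no longer exists")

        # R0/R1: start page and search settings. Report non-default hosts.
        if entry.section in ("R0", "R1"):
            _, _, value = entry.body.partition(" = ")
            value = value.strip()
            if value.startswith("http") and not _expected_host(value):
                entry.flags.append("start/search page points at %s" % urlsplit(value).hostname)

        # O4: Run-key autostarts. Check where the binary actually lives.
        if entry.section == "O4":
            m4 = O4_RE.match(entry.body)
            if m4:
                exe = _executable(m4.group(2))
                if "\\" not in exe:
                    entry.flags.append("bare filename %s resolved via search path; confirm which file runs" % exe)
                elif any(d in exe.lower() for d in USER_WRITABLE_DIRS):
                    entry.flags.append("autostart binary in a user-writable profile directory")
        entries.append(entry)
    return entries


def flagged(log_text: str) -> list:
    """Only the records that need a human look."""
    return [e for e in analyze(log_text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(e.section, "-", e.body)
        for f in e.flags:
            print("    !", f)
```

Run against the sample, the script reports the Conduit start page, the orphaned URLSearchHook and Ask toolbar entries, the `BCMSMMSG.exe` autostart given without a path, and the Google updater living under the user's profile; the avast entries and the service record pass without comment. The flags are prompts for a reviewer, not verdicts: a profile-directory autostart is normal for some updaters, which is exactly why the script names the condition rather than calling the entry malicious.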



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:49 AM

Posted 24 November 2012 - 10:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs and let me know if the problem persists.

#3 bryandshan

bryandshan
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:01:49 AM

Posted 26 November 2012 - 05:24 PM

OK... still having problems, but here are the logs you asked for.. Boy, is that a lot of reading!!! lol

ComboFix 12-11-26.02 - Owner 11/26/2012 15:55:54.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.471 [GMT -6:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Owner\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\z.xml
c:\program files\Object\config.ini
c:\program files\Object\facetheme\build.sh
c:\program files\Object\facetheme\chrome.manifest
c:\program files\Object\facetheme\config_build.sh
c:\program files\Object\facetheme\content\.DS_Store
c:\program files\Object\facetheme\content\firefoxOverlay.xul
c:\program files\Object\facetheme\content\installid.js
c:\program files\Object\facetheme\content\overlay.js
c:\program files\Object\facetheme\content\sudoku.js
c:\program files\Object\facetheme\defaults\.DS_Store
c:\program files\Object\facetheme\defaults\preferences\.DS_Store
c:\program files\Object\facetheme\defaults\preferences\sudoku.js
c:\program files\Object\facetheme\files
c:\program files\Object\facetheme\install.rdf
c:\program files\Object\facetheme\locale\.DS_Store
c:\program files\Object\facetheme\locale\en-US\.DS_Store
c:\program files\Object\facetheme\locale\en-US\sudoku.dtd
c:\program files\Object\facetheme\locale\en-US\sudoku.properties
c:\program files\Object\facetheme\readme.txt
c:\program files\Object\facetheme\skin\overlay.css
c:\program files\Object\facetheme_uninstall.exe
c:\program files\Shop to Win\TestFeeds\DisableStatus.xml
c:\program files\Shop to Win\TestFeeds\DisableStatusDirection.xml
c:\program files\Shop to Win\TestFeeds\GenericPopup.xml
c:\program files\Shop to Win\TestFeeds\MainStatus.xml
c:\program files\Shop to Win\TestFeeds\ShoppingConfirmation.xml
c:\program files\Shop to Win\unins000.dat
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\SET366.tmp
c:\windows\system32\SET36B.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_COUPONALERT_2PSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2012-10-26 to 2012-11-26 )))))))))))))))))))))))))))))))
.
.
2012-11-25 01:09 . 2012-11-25 01:09 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Cleaners
2012-11-25 01:08 . 2012-11-25 01:09 -------- d-----w- c:\documents and settings\Owner\Application Data\PCPro
2012-11-25 01:08 . 2012-11-25 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data
2012-11-25 01:08 . 2012-11-25 01:08 -------- d-----w- c:\program files\PC Cleaners
2012-11-23 23:24 . 2012-11-23 23:24 -------- d-----w- c:\documents and settings\Owner\Application Data\CheckPoint
2012-11-23 23:21 . 2012-11-23 23:23 -------- d-----w- c:\program files\CheckPoint
2012-11-23 23:21 . 2012-11-23 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2012-11-18 16:01 . 2012-11-18 16:01 -------- d-----w- C:\ee2f6600463e85629487b13f4972ec
2012-11-08 02:03 . 2012-11-08 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\NovaRad
2012-11-03 06:54 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-11-03 05:56 . 2012-11-03 05:56 -------- d-----w- c:\program files\MSXML 4.0
2012-11-02 23:41 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-11-02 23:40 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-11-02 23:38 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-11-02 23:38 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-11-02 23:37 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-11-02 23:35 . 2012-05-28 18:16 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2012-11-02 23:35 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-11-02 23:34 . 2012-08-28 15:14 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-11-02 23:34 . 2012-08-28 15:14 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-11-02 23:25 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-11-02 23:25 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-11-02 23:25 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-11-02 23:21 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-11-02 09:33 . 2012-11-02 09:33 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2012-11-02 08:01 . 2012-11-02 08:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-11-02 07:49 . 2012-11-02 07:50 -------- d-----w- c:\documents and settings\Administrator
2012-11-02 06:42 . 2012-11-02 06:43 -------- d-----w- c:\documents and settings\All Users\Application Data\A477533534DD45540000A476AEC44B19
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-25 01:07 . 2010-05-12 02:18 4589880 ----a-w- c:\windows\uninst.exe
2012-10-30 23:51 . 2011-09-05 01:09 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 23:51 . 2010-05-21 21:32 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 23:51 . 2010-05-21 21:32 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 23:51 . 2010-05-21 21:32 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 23:51 . 2010-05-21 21:32 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 23:51 . 2010-05-21 21:32 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 23:51 . 2010-05-21 21:32 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 23:51 . 2010-05-21 21:32 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 23:51 . 2010-07-14 14:32 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 23:50 . 2010-05-21 21:32 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-22 08:37 . 2002-09-03 17:11 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2002-09-03 17:05 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-12 12:24 . 2012-08-02 22:37 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-12 12:24 . 2010-05-21 21:06 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-03 02:46 . 2011-12-19 15:59 404680 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2010-11-18 18:12 . 2010-11-18 18:12 468 ----a-w- c:\program files\1118201012121809.bat
2012-10-24 17:50 . 2012-10-26 22:45 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KGShareApp"="c:\program files\Kodak\KODAK Share Button App\KGShare_App.exe" [2011-09-22 394752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-10-09 73392]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-08-30 738984]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 13:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW]
2012-08-30 11:03 738984 ----a-w- c:\program files\CheckPoint\ZAForceField\ForceField.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 23:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KodakShareButtonApp]
2011-09-22 19:26 107008 ----a-w- c:\program files\Kodak\KODAK Share Button App\Listener.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Cleaners]
2012-11-25 01:08 55844664 ----a-w- c:\program files\PC Cleaners\PCCleaners.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-11-01 19:45 4763008 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [4/20/2012 6:19 AM 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9/4/2011 7:09 PM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/21/2010 3:32 PM 361032]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 12:54 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/21/2010 3:32 PM 21256]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [8/30/2012 5:03 AM 27056]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [8/30/2012 5:03 AM 497320]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [6/17/2011 11:33 AM 237008]
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-11-26 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2012-11-25 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2012-11-26 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2012-11-26 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2012-11-26 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-19 23:50]
.
2012-11-25 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2002-09-03 00:12]
.
2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-21 17:32]
.
2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-21 17:32]
.
2012-11-26 c:\windows\Tasks\pc-dis-upd.job
- c:\program files\PC Cleaners\PCCleaners.exe [2012-11-25 01:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2857572
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 172.16.0.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tafrv0np.default\
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke US New Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3244149&SearchSource=2&q=
FF - ExtSQL: 2012-11-23 17:24; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\TrustChecker
FF - ExtSQL: !HIDDEN! 2009-07-13 13:44; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2010-09-29 15:42; {EB132DB0-A4CA-11DF-9732-0E29E0D72085}; c:\program files\Object\facetheme
FF - user.js: general.useragent.extra.brc -
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
WebBrowser-{C44F9E21-D93F-490C-B41C-B3548BDD19FC} - (no file)
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKLM-Run-InstaLAN - c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe
AddRemove-Facetheme - c:\program files\Object\facetheme_uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-26 16:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(556)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(612)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(2224)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-11-26 16:15:39
ComboFix-quarantined-files.txt 2012-11-26 22:15
.
Pre-Run: 43,183,706,112 bytes free
Post-Run: 43,140,829,184 bytes free
.
- - End Of File - - 64DA95A9192E165B8DECFCAC1EA2DA58


Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Free Antivirus
ZoneAlarm Free Firewall
ZoneAlarm Firewall
McAfee Security Scan Plus
ZoneAlarm LTD Toolbar
ZoneAlarm Security
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
SUPERAntiSpyware
HijackThis 2.0.2
PC Cleaners
JavaFX 2.1.1
Java™ 6 Update 29
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.183.23 Flash Player out of Date!
Mozilla Firefox 16.0.2 Firefox out of Date!
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log````````````````

# AdwCleaner v2.009 - Logfile created 11/26/2012 at 16:21:56
# Updated 24/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - BARB-DESKTOP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tafrv0np.default\searchplugins\Conduit.xml
File Found : C:\Program Files\Mozilla FireFox\searchplugins\fast.xml
File Found : C:\WINDOWS\system32\conduitEngine.tmp
Folder Found : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Found : C:\Documents and Settings\All Users\Application Data\WeCareReminder
Folder Found : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tafrv0np.default\CT3244149
Folder Found : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tafrv0np.default\extensions\{462be121-2b54-4218-bf00-b9bf8135b23f}
Folder Found : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tafrv0np.default\extensions\{6921B3CC-9935-4D28-9A83-B3D824210580}
Folder Found : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tafrv0np.default\extensions\2pffxtbr@CouponAlert_2p.com
Folder Found : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tafrv0np.default\extensions\textlinks@playsushi.com
Folder Found : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tafrv0np.default\FCTB
Folder Found : C:\Documents and Settings\Owner\Application Data\Qwiklinx
Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Productivity_2.1
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Free Offers from Freeze.com
Folder Found : C:\Program Files\OApps
Folder Found : C:\Program Files\PlaySushi
Folder Found : C:\Program Files\Productivity_2.1
Folder Found : C:\Program Files\Qwiklinx

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\PlaySushi
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F2420702-84F2-4D32-A582-285DF814924F}
Key Found : HKCU\Software\Productivity_2.1
Key Found : HKCU\Toolbar
Key Found : HKLM\Software\AskBarDis
Key Found : HKLM\SOFTWARE\Classes\AppID\PSText.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F2420702-84F2-4D32-A582-285DF814924F}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2857572
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2903600
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\iWon
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33689FED-FA72-4E01-9D2A-0F89A25BDAD3}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60ADAEA6-5F7E-4A52-92A1-E5F899EEEE75}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\CouponAlert_2pbar Uninstall
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facetheme
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F2420702-84F2-4D32-A582-285DF814924F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Productivity_2.1 Toolbar
Key Found : HKLM\Software\Productivity_2.1
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2857572
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - blank] = hxxp://www.startsearcher.com/tab.php
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.startsearcher.com/tab.php

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tafrv0np.default\prefs.js

Found : user_pref("CT3244149.1000082.isPlayDisplay", "true");
Found : user_pref("CT3244149.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Found : user_pref("CT3244149.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3244149.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT3244149.FirstTime", "true");
Found : user_pref("CT3244149.FirstTimeFF3", "true");
Found : user_pref("CT3244149.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT324[...]
Found : user_pref("CT3244149.UserID", "UN09257462767407021");
Found : user_pref("CT3244149.UserId", "1bffcbd2-c914-824a-db84-1af3e49440b8");
Found : user_pref("CT3244149.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT3244149.autoDisableScopes", -1);
Found : user_pref("CT3244149.browser.search.defaultthis.engineName", true);
Found : user_pref("CT3244149.cb_experience_000", "3");
Found : user_pref("CT3244149.cb_firstuse0100", "1");
Found : user_pref("CT3244149.cbcountry_001", "US");
Found : user_pref("CT3244149.cbfirsttime", "Tue Sep 18 2012 17:55:02 GMT-0500 (Central Daylight Time)");
Found : user_pref("CT3244149.defaultSearch", "true");
Found : user_pref("CT3244149.embeddedsData", "[{\"appId\":\"129895725399351616\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT3244149.enableAlerts", "always");
Found : user_pref("CT3244149.enableSearchFromAddressBar", "true");
Found : user_pref("CT3244149.firstTimeDialogOpened", "true");
Found : user_pref("CT3244149.fixPageNotFoundError", "true");
Found : user_pref("CT3244149.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT3244149.fixUrls", true);
Found : user_pref("CT3244149.hxxp___api15_starwebnet_com.pid2", "419f1c11d988e6fd");
Found : user_pref("CT3244149.hxxp___api19_starwebnet_com.pid2", "b1e696cc34a81e5e");
Found : user_pref("CT3244149.hxxp___api28_starwebnet_com.pid2", "46a68e969c519fea");
Found : user_pref("CT3244149.hxxp___api30_starwebnet_com.pid2", "6667b47563070a13");
Found : user_pref("CT3244149.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_cache", "[\"c822c1b63853ed273b89[...]
Found : user_pref("CT3244149.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_defaultGui", "{\"gui\":[{\"type\[...]
Found : user_pref("CT3244149.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_settings", "{\"initUrl\":\"hxxp:[...]
Found : user_pref("CT3244149.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES", "op[...]
Found : user_pref("CT3244149.installId", "155");
Found : user_pref("CT3244149.installType", "ConduitNSISIntegration");
Found : user_pref("CT3244149.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3244149.isNewTabEnabled", true);
Found : user_pref("CT3244149.isPerformedSmartBarTransition", "true");
Found : user_pref("CT3244149.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT3244149.keyword", true);
Found : user_pref("CT3244149.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsupport.microsof[...]
Found : user_pref("CT3244149.openThankYouPage", "false");
Found : user_pref("CT3244149.openUninstallPage", "true");
Found : user_pref("CT3244149.search.searchAppId", "129895725399351616");
Found : user_pref("CT3244149.search.searchCount", "0");
Found : user_pref("CT3244149.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT3244149.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3244149.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT3244149.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT3244149.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Found : user_pref("CT3244149.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1348008892748");
Found : user_pref("CT3244149.serviceLayer_services_appsMetadata_lastUpdate", "1348008892763");
Found : user_pref("CT3244149.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1348008894351");
Found : user_pref("CT3244149.serviceLayer_services_login_10.10.27.6_lastUpdate", "1348008896065");
Found : user_pref("CT3244149.serviceLayer_services_optimizer_lastUpdate", "1348008894980");
Found : user_pref("CT3244149.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1348008894852");
Found : user_pref("CT3244149.serviceLayer_services_searchAPI_lastUpdate", "1348008891324");
Found : user_pref("CT3244149.serviceLayer_services_serviceMap_lastUpdate", "1348008890104");
Found : user_pref("CT3244149.serviceLayer_services_toolbarContextMenu_lastUpdate", "1348008893843");
Found : user_pref("CT3244149.serviceLayer_services_toolbarSettings_lastUpdate", "1348008891406");
Found : user_pref("CT3244149.serviceLayer_services_translation_lastUpdate", "1348008892723");
Found : user_pref("CT3244149.settingsINI", true);
Found : user_pref("CT3244149.shouldFirstTimeDialog", "false");
Found : user_pref("CT3244149.smartbar.CTID", "CT3244149");
Found : user_pref("CT3244149.smartbar.Uninstall", "0");
Found : user_pref("CT3244149.smartbar.homepage", true);
Found : user_pref("CT3244149.smartbar.toolbarName", "WhiteSmoke US New ");
Found : user_pref("CT3244149.toolbarBornServerTime", "19-9-2012");
Found : user_pref("CT3244149.toolbarCurrentServerTime", "19-9-2012");
Found : user_pref("CT3244149.url_history0001", "hxxps://www.google.com:::clickhandler:::1348009372590,,,hxxp[...]
Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3244149&SearchSource=1[...]
Found : user_pref("Smartbar.ConduitSearchEngineList", "WhiteSmoke US New Customized Web Search");
Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3244149[...]
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3244149");
Found : user_pref("browser.search.defaultenginename", "Web Search");
Found : user_pref("browser.search.order.1", "Fast Browser Search");
Found : user_pref("browser.search.selectedEngine", "WhiteSmoke US New Customized Web Search");
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.AutoSearchEventData", "auto%20search");
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.ClearCacheDate", 26);
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.DNSCatch", false);
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.DisplayEULA", true);
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.DnsCatchEventData", "dns%20catch");
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.EBOMode", true);
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.EnableDCAData_xx", true);
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.EnableDCA_xx", false);
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.FirstLaunchShown", true);
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.InstallDomain", "freecause.com");
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.InstallType", "standard");
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.LoadLayoutDate.100569", 26);
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.NewTabSearchEventData", "tab%20search");
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.ShowRecommendedOptions", true);
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.StateReportDate", "1353823918968");
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.TopRightSearchEventData", "top%20right%20search[...]
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.beforeInstallSaved", true);
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.beforeinstall.homepage", "hxxp%3A//search.condu[...]
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.beforeinstall.search", "WhiteSmoke%20US%20New%2[...]
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.customNewTab", false);
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.dcaDefaultMode", false);
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.dcaShowInstallerPage", false);
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.dcaShowSurvey", true);
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.helpUsImprove", true);
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.hideOthers", false);
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.partnerauth", false);
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.processAddrBar", false);
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.restoreSearch", false);
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.searchHistory", true);
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.session", "4CC0B5C2FBC80737FD53CEF2860DCCDD3988[...]
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.showFirstLaunchOptions", false);
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.tb_lang", "en");
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.tool_id", "100569");
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.user_id", "121385284");
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.user_key", "fb13ac2802fda03ed267382da42027ab25b[...]
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.user_layouts", "100569");
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.user_lnames", "Shop%20to%20Win%2029");
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.vars.disablecuidinject", "1");
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.xml_service_url", "6bb94bbf55fe2f255901a560824a[...]
Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.yahooSearch", false);
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3244149&SearchSource=2&q=[...]
Found : user_pref("playsushi.position.button", true);

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4osx9att.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [16058 octets] - [26/11/2012 16:21:56]

########## EOF - C:\AdwCleaner[R1].txt - [16119 octets] ##########
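The AdwCleaner log above is what the helper reads to decide what gets deleted. As an added triage aid (not part of the thread or of AdwCleaner), the script below parses a constructed sample written in the same v2.x format, groups findings by type, tags the likely adware family, and flags browser settings that point at a replaced homepage or search engine; the family keyword list is an assumption for this example.

```python
"""Triage an AdwCleaner v2.x [Search] log.

Added example, not part of the forum thread or of AdwCleaner. SAMPLE_LOG is
constructed in the format the tool writes (defanged "hxxp" URLs kept as printed);
KNOWN_FAMILIES is an assumption for this example.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla FireFox\searchplugins\fast.xml
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\PlaySushi

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKLM\Software\AskBarDis
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2857572

-\\ Mozilla Firefox v16.0.2 (en-US)

Found : user_pref("CT3244149.smartbar.homepage", true);
Found : user_pref("browser.search.selectedEngine", "WhiteSmoke US New Customized Web Search");
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3244149");

-\\ Google Chrome v [Unable to get version]

[OK] File is clean.
"""

SECTION_RE = re.compile(r"^\*\*\*\*\* \[(?P<name>[^\]]+)\] \*\*\*\*\*$")
FINDING_RE = re.compile(r"^(?P<kind>File|Folder|Key|Value) Found : (?P<path>.+)$")
BROWSER_RE = re.compile(r"^-\\\\ (?P<browser>.+?) v(?P<version>.*)$")  # "-\\ Mozilla Firefox v16.0.2"
IE_SETTING_RE = re.compile(r"^\[(?P<name>[^\]]+)\] = (?P<value>.+)$")
PREF_RE = re.compile(r'^Found : user_pref\("(?P<name>[^"]+)", (?P<value>.+)\);$')

# Keywords for the toolbar families seen in this kind of log (assumption, not an AdwCleaner list).
KNOWN_FAMILIES = ("conduit", "playsushi", "freecause", "askbar", "crossrider", "whitesmoke", "qwiklinx")
# A browser setting is a hijack candidate if its value is a (defanged) URL or its name is a homepage/search key.
HIJACK_NAME_HINTS = ("homepage", "start page", "search", "keyword.url")


def classify(path):
    """Return the first known family keyword found in a file, folder or registry path."""
    low = path.lower()
    for family in KNOWN_FAMILIES:
        if family in low:
            return family
    return "unknown"


def is_hijack(name, value):
    low_name, low_value = name.lower(), value.lower()
    return "hxxp://" in low_value or "hxxps://" in low_value or any(h in low_name for h in HIJACK_NAME_HINTS)


def parse_adwcleaner(text):
    findings = defaultdict(list)  # kind -> [(family, path)]
    hijacks = []                  # (browser, setting name, value)
    clean = []                    # browsers whose preference file the tool reported clean
    section = browser = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, browser = m.group("name"), None
            continue
        m = BROWSER_RE.match(line)
        if m:
            browser = m.group("browser")
            continue
        m = FINDING_RE.match(line)
        if m:
            findings[m.group("kind")].append((classify(m.group("path")), m.group("path")))
            continue
        if section == "Internet Browsers":
            if line == "[OK] File is clean.":
                clean.append(browser)
                continue
            m = IE_SETTING_RE.match(line) or PREF_RE.match(line)
            if m and is_hijack(m.group("name"), m.group("value")):
                hijacks.append((browser, m.group("name"), m.group("value")))
    return {"findings": dict(findings), "hijacks": hijacks, "clean": clean}


def family_counts(parsed):
    """How many file/folder/registry artefacts each family left behind."""
    counts = defaultdict(int)
    for items in parsed["findings"].values():
        for family, _ in items:
            counts[family] += 1
    return dict(counts)


if __name__ == "__main__":
    result = parse_adwcleaner(SAMPLE_LOG)
    print("artefacts per family:", family_counts(result))
    for browser, name, value in result["hijacks"]:
        print(f"{browser}: {name} -> {value}")
    print("clean profiles:", result["clean"])
```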

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:49 AM

Posted 27 November 2012 - 09:53 AM

These firewalls are disabled. Make sure that you only have one running in real time.

FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

If both are running it will slow down your computer.
===

These are not required as you do not have any McAfee security programs.
It was probably installed by a 3rd party program you downloaded.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

If a McAfee Security program is listed in your Add/Remove Programs list, remove it.

===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 29
Java 7 Update 7


===

Critical vulnerabilities have been identified in Adobe Flash Player v11.3.300.264 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)

Remove these old versions using the Add/Remove Programs applet, if present.
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.183.23 Flash Player out of Date
===

Remove the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Remove this old version of HijackThis 2.0.2 using the Add/Remove Programs list.
Most forums will now ask to see a DDS log (requested below).

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

Please post the logs and let me know what problem persists.
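The reply above checks two things by eye in the DDS output: whether more than one firewall is registered (and whether any is actually enabled), and whether old Java and Flash Player versions are still installed. As an added example that is not part of the thread or of DDS, the script below performs the same audit over a constructed DDS-style snippet; the AV GUID is a placeholder and "Flash Player 11 is current" is an assumption taken from the reply.

```python
"""Audit the Security Center and Installed Programs lines of a DDS log.

Added example, not from the forum thread or the DDS tool. SAMPLE_DDS is constructed
in DDS style from the lines quoted in the reply; the AV GUID is a placeholder.
"""
import re

SAMPLE_DDS = """\
AV: avast! Antivirus *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
avast! Free Antivirus
Java(TM) 6 Update 29
Java 7 Update 7
ZoneAlarm Free Firewall
.
==== End Of File ===========================
"""

# "FW: <product> *<state>* {<GUID>}" is how DDS prints Security Center registrations.
SEC_RE = re.compile(r"^(?P<kind>AV|FW|SP): (?P<product>.+?) \*(?P<state>[^*]+)\* \{(?P<guid>[0-9A-Fa-f-]{36})\}$")
SECTION_RE = re.compile(r"^==== (?P<name>.+?) =+$")
JAVA_RE = re.compile(r"^Java(?:\(TM\)|\u2122)? (?P<major>\d+) Update (?P<update>\d+)$")
FLASH_RE = re.compile(r"^Adobe Flash Player (?P<major>\d+)\b")

# Assumption for this example: the reply asks for Flash Player 11, so older majors are flagged.
CURRENT_FLASH_MAJOR = 11


def parse_dds(text):
    """Collect Security Center products and the Installed Programs list."""
    products, programs, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # DDS uses a lone "." as a blank line
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = SEC_RE.match(line)
        if m:
            products.append({"kind": m.group("kind"), "product": m.group("product"),
                             "enabled": m.group("state").startswith("Enabled"),
                             "guid": m.group("guid")})
            continue
        if section == "Installed Programs":
            programs.append(line)
    return {"products": products, "programs": programs}


def firewall_issues(products):
    """The reply's point: one real-time firewall, and it should actually be on."""
    fws = [p for p in products if p["kind"] == "FW"]
    enabled = [p for p in fws if p["enabled"]]
    issues = []
    if len(fws) > 1:
        issues.append("more than one firewall registered: " + ", ".join(p["product"] for p in fws))
    if len(enabled) > 1:
        issues.append("more than one firewall enabled at the same time")
    if fws and not enabled:
        issues.append("no registered firewall is enabled")
    return issues


def outdated_java(programs):
    """Every Java runtime except the newest (major, update) pair still installed."""
    versions = []
    for name in programs:
        m = JAVA_RE.match(name)
        if m:
            versions.append(((int(m.group("major")), int(m.group("update"))), name))
    if not versions:
        return []
    newest = max(v for v, _ in versions)
    return [name for v, name in versions if v != newest]


def outdated_flash(programs):
    """Flash Player entries older than the major version the reply asks for."""
    old = []
    for name in programs:
        m = FLASH_RE.match(name)
        if m and int(m.group("major")) < CURRENT_FLASH_MAJOR:
            old.append(name)
    return old


def audit(text):
    parsed = parse_dds(text)
    return {"firewall": firewall_issues(parsed["products"]),
            "java": outdated_java(parsed["programs"]),
            "flash": outdated_flash(parsed["programs"])}


if __name__ == "__main__":
    for topic, items in audit(SAMPLE_DDS).items():
        print(topic + ":", items or "ok")
```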

#5 bryandshan

bryandshan
  • Topic Starter

  • Members
  • 14 posts
  • Local time:01:49 AM

Posted 02 December 2012 - 09:40 AM

Am having trouble using ADWcleaner program.... it will scan but when it comes to deleting it freezes every time. Have disabled firewall to see if that helped but no.. I'm going to remove and then reinstall to see if that fixes it




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 3/9/2009 6:39:25 PM
System Uptime: 12/2/2012 8:26:50 AM (0 hours ago)
.
Motherboard: Dell Computer Corporation | | 07W080
Processor: Intel® Pentium® 4 CPU 1.80GHz | Socket 478 | 1794/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 56 GiB total, 39.092 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&1A671D0C&0&48F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&1A671D0C&0&48F0
Service:
.
==== System Restore Points ===================
.
RP682: 11/3/2012 2:15:57 PM - Software Distribution Service 3.0
RP683: 11/4/2012 2:34:34 AM - Software Distribution Service 3.0
RP684: 11/4/2012 10:40:50 PM - Software Distribution Service 3.0
RP685: 11/5/2012 11:00:56 PM - Software Distribution Service 3.0
RP686: 11/6/2012 10:31:55 PM - Software Distribution Service 3.0
RP687: 11/8/2012 8:30:22 AM - System Checkpoint
RP688: 11/8/2012 10:00:22 AM - Software Distribution Service 3.0
RP689: 11/9/2012 1:15:55 AM - Software Distribution Service 3.0
RP690: 11/10/2012 5:34:52 AM - System Checkpoint
RP691: 11/10/2012 10:00:23 AM - Software Distribution Service 3.0
RP692: 11/11/2012 10:00:33 AM - Software Distribution Service 3.0
RP693: 11/12/2012 1:57:31 AM - Software Distribution Service 3.0
RP694: 11/13/2012 3:08:23 AM - Software Distribution Service 3.0
RP695: 11/14/2012 8:52:29 AM - System Checkpoint
RP696: 11/15/2012 9:31:27 AM - System Checkpoint
RP697: 11/16/2012 10:43:51 PM - System Checkpoint
RP698: 11/16/2012 11:44:29 PM - Software Distribution Service 3.0
RP699: 11/18/2012 5:06:37 AM - Software Distribution Service 3.0
RP700: 11/18/2012 8:52:20 AM - Software Distribution Service 3.0
RP701: 11/18/2012 10:00:35 AM - Software Distribution Service 3.0
RP702: 11/19/2012 10:00:24 AM - Software Distribution Service 3.0
RP703: 11/20/2012 12:45:15 AM - Software Distribution Service 3.0
RP704: 11/20/2012 7:27:49 PM - Software Distribution Service 3.0
RP705: 11/21/2012 5:10:46 AM - Software Distribution Service 3.0
RP706: 11/21/2012 10:00:17 AM - Software Distribution Service 3.0
RP707: 11/22/2012 10:00:45 AM - Software Distribution Service 3.0
RP708: 11/23/2012 1:45:15 AM - Software Distribution Service 3.0
RP709: 11/23/2012 4:42:31 PM - Software Distribution Service 3.0
RP710: 11/23/2012 5:03:29 PM - Software Distribution Service 3.0
RP711: 11/24/2012 6:44:42 PM - Installed Java 7 Update 9
RP712: 11/23/2012 11:35:42 PM - Software Distribution Service 3.0
RP713: 11/24/2012 5:17:08 AM - Software Distribution Service 3.0
RP714: 11/24/2012 1:58:19 PM - Software Distribution Service 3.0
RP715: 11/24/2012 6:44:48 PM - Removed Apple Application Support
RP716: 11/25/2012 10:00:34 AM - Software Distribution Service 3.0
RP717: 11/25/2012 10:31:54 AM - Software Distribution Service 3.0
RP718: 11/26/2012 10:00:19 AM - Software Distribution Service 3.0
RP719: 11/26/2012 7:59:49 PM - Installed HiJackThis
RP720: 11/27/2012 12:58:57 AM - Software Distribution Service 3.0
RP721: 11/27/2012 10:27:45 PM - avast! Free Antivirus Setup
RP722: 11/28/2012 10:00:24 AM - Software Distribution Service 3.0
RP723: 11/29/2012 4:17:37 AM - Software Distribution Service 3.0
RP724: 11/29/2012 10:00:17 AM - Software Distribution Service 3.0
RP725: 11/29/2012 11:44:45 PM - Software Distribution Service 3.0
RP726: 11/30/2012 7:22:37 AM - Software Distribution Service 3.0
RP727: 12/1/2012 6:05:51 AM - Software Distribution Service 3.0
RP728: 12/1/2012 11:05:06 AM - Software Distribution Service 3.0
RP729: 12/1/2012 10:02:47 PM - Removed Java 7 Update 7
RP730: 12/1/2012 10:03:49 PM - Removed Java™ 6 Update 15
RP731: 12/1/2012 10:06:07 PM - Removed JavaFX 2.1.1
RP732: 12/1/2012 10:09:17 PM - Installed Java 7 Update 9
.
==== Installed Programs ======================
.
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
BCM V.92 56K Modem
Box 24
Cabos
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Download Manager
Dell ResourceCD
FaxTools
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Deskjet 1000 J110 series Basic Device Software
HP Deskjet 1000 J110 series Help
HP Deskjet 1000 J110 series Product Improvement Study
HP Photo Creations
HP Update
InstallIQ Updater
Intel® Extreme Graphics Driver
iTunes
Java 7 Update 9
Java Auto Updater
KODAK Share Button App
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 17.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MUSICMATCH Jukebox
PC Cleaners
Productivity 2.1 Toolbar
QuickTime
Realtek AC'97 Audio
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847-v2)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SUPERAntiSpyware
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Wireless-G PCI Adapter
Yahoo! Toolbar
ZoneAlarm Firewall
ZoneAlarm Free Firewall
ZoneAlarm LTD Toolbar
ZoneAlarm Security
.
==== Event Viewer Messages From Past Week ========
.
12/1/2012 10:03:21 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
11/27/2012 12:59:44 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB2690729).
11/27/2012 10:59:13 PM, error: Service Control Manager [7023] - The Human Interface Device Access service terminated with the following error: The specified module could not be found.
11/25/2012 4:56:36 PM, error: Dhcp [1002] - The IP address lease 172.16.0.4 for the Network Card with network address 000ACD1A141B has been denied by the DHCP server 172.16.0.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

#6 nasdaq
  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 December 2012 - 10:05 AM

Please just paste the contents of the DDS.txt that the tool generated. You have submitted the attach.txt.

Avast virus protection may be stopping AdwCleaner from deleting some items.

Disable it and run the tool, using the delete function.

If that fails, boot in Safe Mode and run the tool from that mode.

#7 bryandshan
  • Topic Starter
  • Members
  • 14 posts

Posted 02 December 2012 - 10:13 AM

Well, in the meantime I reinstalled it and it worked, so here is what you asked for... Now I must say, not wanting to be overly optimistic, but I think things just may be going a bit faster.. Will have to play with it some to check this to be sure.

# AdwCleaner v2.010 - Logfile created 12/02/2012 at 09:04:51
# Updated 29/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - BARB-DESKTOP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tafrv0np.default\searchplugins\Conduit.xml
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\fast.xml
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tafrv0np.default\extensions\{462be121-2b54-4218-bf00-b9bf8135b23f}
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tafrv0np.default\extensions\{6921B3CC-9935-4D28-9A83-B3D824210580}
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tafrv0np.default\extensions\2pffxtbr@CouponAlert_2p.com
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tafrv0np.default\extensions\textlinks@playsushi.com
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tafrv0np.default\FCTB

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\PlaySushi
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F2420702-84F2-4D32-A582-285DF814924F}
Key Deleted : HKCU\Software\Productivity_2.1
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\Software\AskBarDis
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{E89A07B5-BD7A-43F9-BDA4-0DAA48AC4FA5}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PSText.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{622FD888-4E91-4D68-84D4-7262FD0811BF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F2420702-84F2-4D32-A582-285DF814924F}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45A8F904-D9CA-439B-9CBB-11097B45D9E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5272CCD4-4199-4B04-BF68-B28A0DCF0151}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6BDA50D2-5597-4C68-A842-9B857FCCDA49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{92580E8C-88F5-4551-9D9E-8147E7EE2C32}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB0C189-5077-4340-9838-AF7B8E792A54}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F165085B-6B85-4AD5-AD00-95552A823F6D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2857572
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2903600
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C7E7FB02-C4FD-446E-8F5B-463A049935BF}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\iWon
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AF08E71-3657-462F-898C-F7E791948F94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33689FED-FA72-4E01-9D2A-0F89A25BDAD3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60ADAEA6-5F7E-4A52-92A1-E5F899EEEE75}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7225F6C9-CF64-4D6D-AE8A-169779FD7B4D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\CouponAlert_2pbar Uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facetheme
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Productivity_2.1 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F2420702-84F2-4D32-A582-285DF814924F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Productivity_2.1 Toolbar
Key Deleted : HKLM\Software\Productivity_2.1
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - blank] = hxxp://www.startsearcher.com/tab.php --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.startsearcher.com/tab.php --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0 (en-US)

Profile name : default
File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tafrv0np.default\prefs.js

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tafrv0np.default\user.js ... Deleted !

Deleted : user_pref("CT3244149.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3244149.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3244149.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3244149.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3244149.FirstTime", "true");
Deleted : user_pref("CT3244149.FirstTimeFF3", "true");
Deleted : user_pref("CT3244149.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT324[...]
Deleted : user_pref("CT3244149.UserID", "UN09257462767407021");
Deleted : user_pref("CT3244149.UserId", "1bffcbd2-c914-824a-db84-1af3e49440b8");
Deleted : user_pref("CT3244149.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3244149.autoDisableScopes", -1);
Deleted : user_pref("CT3244149.browser.search.defaultthis.engineName", true);
Deleted : user_pref("CT3244149.cb_experience_000", "3");
Deleted : user_pref("CT3244149.cb_firstuse0100", "1");
Deleted : user_pref("CT3244149.cbcountry_001", "US");
Deleted : user_pref("CT3244149.cbfirsttime", "Tue Sep 18 2012 17:55:02 GMT-0500 (Central Daylight Time)");
Deleted : user_pref("CT3244149.defaultSearch", "true");
Deleted : user_pref("CT3244149.embeddedsData", "[{\"appId\":\"129895725399351616\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3244149.enableAlerts", "always");
Deleted : user_pref("CT3244149.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3244149.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3244149.fixPageNotFoundError", "true");
Deleted : user_pref("CT3244149.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3244149.fixUrls", true);
Deleted : user_pref("CT3244149.hxxp___api15_starwebnet_com.pid2", "419f1c11d988e6fd");
Deleted : user_pref("CT3244149.hxxp___api19_starwebnet_com.pid2", "b1e696cc34a81e5e");
Deleted : user_pref("CT3244149.hxxp___api28_starwebnet_com.pid2", "46a68e969c519fea");
Deleted : user_pref("CT3244149.hxxp___api30_starwebnet_com.pid2", "6667b47563070a13");
Deleted : user_pref("CT3244149.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_cache", "[\"c822c1b63853ed273b89[...]
Deleted : user_pref("CT3244149.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_defaultGui", "{\"gui\":[{\"type\[...]
Deleted : user_pref("CT3244149.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_settings", "{\"initUrl\":\"hxxp:[...]
Deleted : user_pref("CT3244149.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES", "op[...]
Deleted : user_pref("CT3244149.installId", "155");
Deleted : user_pref("CT3244149.installType", "ConduitNSISIntegration");
Deleted : user_pref("CT3244149.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3244149.isNewTabEnabled", true);
Deleted : user_pref("CT3244149.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3244149.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3244149.keyword", true);
Deleted : user_pref("CT3244149.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsupport.microsof[...]
Deleted : user_pref("CT3244149.openThankYouPage", "false");
Deleted : user_pref("CT3244149.openUninstallPage", "true");
Deleted : user_pref("CT3244149.search.searchAppId", "129895725399351616");
Deleted : user_pref("CT3244149.search.searchCount", "0");
Deleted : user_pref("CT3244149.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3244149.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3244149.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3244149.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3244149.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT3244149.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1348008892748");
Deleted : user_pref("CT3244149.serviceLayer_services_appsMetadata_lastUpdate", "1348008892763");
Deleted : user_pref("CT3244149.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1348008894351");
Deleted : user_pref("CT3244149.serviceLayer_services_login_10.10.27.6_lastUpdate", "1348008896065");
Deleted : user_pref("CT3244149.serviceLayer_services_optimizer_lastUpdate", "1348008894980");
Deleted : user_pref("CT3244149.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1348008894852");
Deleted : user_pref("CT3244149.serviceLayer_services_searchAPI_lastUpdate", "1348008891324");
Deleted : user_pref("CT3244149.serviceLayer_services_serviceMap_lastUpdate", "1348008890104");
Deleted : user_pref("CT3244149.serviceLayer_services_toolbarContextMenu_lastUpdate", "1348008893843");
Deleted : user_pref("CT3244149.serviceLayer_services_toolbarSettings_lastUpdate", "1348008891406");
Deleted : user_pref("CT3244149.serviceLayer_services_translation_lastUpdate", "1348008892723");
Deleted : user_pref("CT3244149.settingsINI", true);
Deleted : user_pref("CT3244149.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3244149.smartbar.CTID", "CT3244149");
Deleted : user_pref("CT3244149.smartbar.Uninstall", "0");
Deleted : user_pref("CT3244149.smartbar.homepage", true);
Deleted : user_pref("CT3244149.smartbar.toolbarName", "WhiteSmoke US New ");
Deleted : user_pref("CT3244149.toolbarBornServerTime", "19-9-2012");
Deleted : user_pref("CT3244149.toolbarCurrentServerTime", "19-9-2012");
Deleted : user_pref("CT3244149.url_history0001", "hxxps://www.google.com:::clickhandler:::1348009372590,,,hxxp[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3244149&SearchSource=1[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "WhiteSmoke US New Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3244149[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3244149");
Deleted : user_pref("browser.search.defaultenginename", "Web Search");
Deleted : user_pref("browser.search.order.1", "Fast Browser Search");
Deleted : user_pref("browser.search.selectedEngine", "WhiteSmoke US New Customized Web Search");
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.AutoSearchEventData", "auto%20search");
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.ClearCacheDate", 2);
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.DNSCatch", false);
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.DisplayEULA", true);
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.DnsCatchEventData", "dns%20catch");
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.EBOMode", true);
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.EnableDCAData_xx", true);
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.EnableDCA_xx", false);
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.FirstLaunchShown", true);
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.InstallDomain", "freecause.com");
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.InstallType", "standard");
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.LoadLayoutDate.100569", 2);
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.NewTabSearchEventData", "tab%20search");
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.ShowRecommendedOptions", true);
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.StateReportDate", "1354410038742");
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.TopRightSearchEventData", "top%20right%20search[...]
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.beforeInstallSaved", true);
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.beforeinstall.homepage", "hxxp%3A//search.condu[...]
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.beforeinstall.search", "WhiteSmoke%20US%20New%2[...]
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.customNewTab", false);
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.dcaDefaultMode", false);
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.dcaShowInstallerPage", false);
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.dcaShowSurvey", true);
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.helpUsImprove", true);
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.hideOthers", false);
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.partnerauth", false);
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.processAddrBar", false);
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.restoreSearch", false);
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.searchHistory", true);
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.session", "4CC0B5C2FBC80737FD53CEF2860DCCDD3988[...]
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.showFirstLaunchOptions", false);
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.tb_lang", "en");
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.tool_id", "100569");
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.user_id", "121385284");
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.user_key", "fb13ac2802fda03ed267382da42027ab25b[...]
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.user_layouts", "100569");
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.user_lnames", "Shop%20to%20Win%2029");
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.vars.disablecuidinject", "1");
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.xml_service_url", "6bb94bbf55fe2f255901a560824a[...]
Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.yahooSearch", false);
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3244149&SearchSource=2&q=[...]
Deleted : user_pref("playsushi.position.button", true);

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4osx9att.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [16189 octets] - [26/11/2012 16:21:56]
AdwCleaner[R2].txt - [16218 octets] - [01/12/2012 22:17:33]
AdwCleaner[R3].txt - [16279 octets] - [01/12/2012 22:18:08]
AdwCleaner[R4].txt - [15585 octets] - [02/12/2012 08:23:03]
AdwCleaner[R5].txt - [15705 octets] - [02/12/2012 08:29:05]
AdwCleaner[R6].txt - [19879 octets] - [02/12/2012 09:04:28]
AdwCleaner[S1].txt - [372 octets] - [01/12/2012 22:18:39]
AdwCleaner[S2].txt - [372 octets] - [02/12/2012 08:23:25]
AdwCleaner[S3].txt - [372 octets] - [02/12/2012 08:29:51]
AdwCleaner[S4].txt - [20105 octets] - [02/12/2012 09:04:51]

########## EOF - C:\AdwCleaner[S4].txt - [20166 octets] ##########
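The AdwCleaner log above has a regular shape: `***** [Section] *****` headers, `-\\ Browser` sub-headers, and one action per line (`File Deleted :`, `Key Deleted :`, `Value Deleted :`, `Replaced :`, `Deleted : user_pref(...)`). The following parser is an added example, not part of this thread or of AdwCleaner itself; it counts what was removed per section and pulls out the search and home-page settings that pointed at a hijacker's domain, which is what a helper wants to see at a glance. The sample log inside it is constructed from a few lines of the posted one, with `hxxp` as AdwCleaner's defanged `http`.

```python
"""Triage an AdwCleaner v2 'Delete' log: per-section counts plus hijacked browser settings."""
import re
from collections import Counter

# Constructed sample, trimmed from the log format posted above (not a real run).
SAMPLE_LOG = r"""
# AdwCleaner v2.010 - Logfile created 12/02/2012 at 09:04:51
# Option [Delete]

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\fast.xml
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x.default\FCTB

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.startsearcher.com/tab.php --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0 (en-US)

Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3244149&q=[...]
Deleted : user_pref("browser.search.selectedEngine", "WhiteSmoke US New Customized Web Search");
Deleted : user_pref("CT3244149.UserID", "UN09257462767407021");
"""

SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
BROWSER_RE = re.compile(r"^-\\\\ (?P<browser>.+)$")          # "-\\ Internet Explorer v8..."
ACTION_RE = re.compile(r"^(?P<action>(?:File|Folder|Key|Value) Deleted|Replaced|Deleted) : (?P<detail>.*)$")
REPLACED_RE = re.compile(r"^\[(?P<setting>[^\]]+)\] = (?P<old>\S+) --> (?P<new>\S+)$")
PREF_RE = re.compile(r'^user_pref\("(?P<name>[^"]+)", (?P<value>.*)$')
URL_RE = re.compile(r"hxxps?://([^/\s\"&]+)")                 # defanged scheme used by AdwCleaner
# Firefox prefs that decide where searches and the home page go; a takeover lands here.
SEARCH_PREFS = ("keyword.URL", "browser.search.", "browser.startup.homepage", "Smartbar.")


def domain_of(value):
    """First defanged URL host in a log value, or None if the value holds no URL."""
    m = URL_RE.search(value)
    return m.group(1) if m else None


def parse_adwcleaner(text):
    """Return {'counts': section -> Counter(action), 'hijacked': [(browser, setting, domain)]}."""
    counts, hijacked = {}, []
    section = browser = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, browser = m.group("name"), None
            counts.setdefault(section, Counter())
            continue
        if m := BROWSER_RE.match(line):
            browser = m.group("browser")
            continue
        m = ACTION_RE.match(line)
        if not m or section is None:
            continue
        action, detail = m.group("action"), m.group("detail")
        counts[section][action] += 1
        # "Replaced" records a home/new-tab URL that AdwCleaner reset; the old value is the hijacker.
        if action == "Replaced" and (r := REPLACED_RE.match(detail)):
            hijacked.append((browser, r.group("setting"), domain_of(r.group("old"))))
        elif action == "Deleted" and (p := PREF_RE.match(detail)) and p.group("name").startswith(SEARCH_PREFS):
            hijacked.append((browser, p.group("name"), domain_of(p.group("value"))))
        elif action == "Key Deleted" and "\\SearchScopes\\" in detail:
            hijacked.append(("Internet Explorer (registry)", detail, None))
    return {"counts": counts, "hijacked": hijacked}


def redirect_domains(result):
    """Sorted, de-duplicated hosts that searches or the home page were being sent to."""
    return sorted({d for _, _, d in result["hijacked"] if d})


if __name__ == "__main__":
    res = parse_adwcleaner(SAMPLE_LOG)
    for sec, acts in res["counts"].items():
        print(f"{sec}: " + ", ".join(f"{n} {a}" for a, n in sorted(acts.items())))
    for browser, setting, dom in res["hijacked"]:
        print(f"hijacked [{browser}] {setting} -> {dom or 'n/a'}")
    print("redirect domains:", redirect_domains(res))
```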

#8 nasdaq
  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 December 2012 - 10:28 AM

Good work.
Wait a day or two and if all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool, make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#9 bryandshan
  • Topic Starter
  • Members
  • 14 posts

Posted 02 December 2012 - 09:07 PM

Computer is running much better... now a question for you... Do I need to run an antivirus and a firewall both?

#10 bryandshan
  • Topic Starter
  • Members
  • 14 posts

Posted 02 December 2012 - 09:09 PM

Never mind... lol

#11 bryandshan
  • Topic Starter
  • Members
  • 14 posts

Posted 02 December 2012 - 09:31 PM

OK, one last question... You said: "These Firewalls are disabled. Make sure that you only have one running in real time."

Quote
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

I don't get the real-time concept... what does that mean and how do I do that?

#12 nasdaq
  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 December 2012 - 10:23 AM

Reported by ComboFix.

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} <- anti-virus

FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D} <- firewall
FW: ZoneAlarm Free Firewall Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} <- firewall

Personally I would remove the ZoneAlarm firewall using the Add/Remove Programs applet.

If you want to keep it then just make sure that the program is not working while Avast is protecting you.
