
Malware problems


  • This topic is locked
17 replies to this topic

#1 grnelf56


Posted 28 May 2013 - 04:27 PM

I am helping a friend on their laptop and I believe it has a Real Player malware installed somewhere, or a virus. I have Avast on the system (Windows 7). Any help would be appreciated. I know nothing.

It also has WhiteSmoke Translator that opens every time I start the computer.


Edited by grnelf56, 28 May 2013 - 04:46 PM.



 


#2 fireman4it


Posted 28 May 2013 - 05:43 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.


We need to see some information about what is happening in your machine.  Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.  No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note:  You may have to disable any script protection running if the scan fails to run.  After downloading the tool, disconnect from the internet and disable all antivirus protection.  Run the scan, enable your A/V and reconnect to the internet. 

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner



Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log.  Instructions on how to properly create a GMER log can be found here:

How to create a GMER log





Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the  save log button, save it to your desktop and post it in your next reply.




Thanks and again sorry for the delay.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 grnelf56


Posted 29 May 2013 - 01:27 PM

No worries about the wait. No one can complain. I can only get on this comp a couple hours a day. I am also getting "DDS is not meant to run in Compatibility mode".

 

 



Edited by grnelf56, 29 May 2013 - 01:53 PM.


#4 grnelf56


Posted 29 May 2013 - 01:44 PM

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-05-29 11:37:26
-----------------------------
11:37:26.031    OS Version: Windows 5.1.2600 Service Pack 2
11:37:26.032    Number of processors: 1 586 0x301
11:37:26.033    ComputerName: GREG-PC-PC  UserName: Greg-pc
11:37:27.040    Initialize success
11:37:27.583    AVAST engine defs: 13052900
11:37:31.246    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
11:37:31.253    Disk 0 Vendor: TOSHIBA_MK2555GSXN GC002M Size: 238475MB BusType: 11
11:37:31.459    Disk 0 MBR read successfully
11:37:31.467    Disk 0 MBR scan
11:37:31.476    Disk 0 Windows VISTA default MBR code
11:37:31.494    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
11:37:31.509    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       228693 MB offset 3074048
11:37:31.541    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS         8281 MB offset 471437312
11:37:31.660    Disk 0 scanning sectors +488396800
11:37:31.833    Disk 0 scanning C:\windows\system32\drivers
11:37:44.202    Service scanning
11:38:28.912    Modules scanning
11:38:51.795    Disk 0 trace - called modules:
11:38:51.844    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys dxgkrnl.sys atikmdag.sys dxgmms1.sys amdppm.sys
11:38:51.853    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c42030]
11:38:51.863    3 CLASSPNP.SYS[887b059e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x85c43908]
11:38:52.492    AVAST engine scan C:\windows
11:38:54.615    AVAST engine scan C:\windows\system32
11:42:16.848    AVAST engine scan C:\windows\system32\drivers
11:42:37.304    AVAST engine scan C:\Users\Greg-pc
11:43:16.174    Disk 0 MBR has been saved successfully to "C:\Users\Greg-pc\Desktop\MBR.dat"
11:43:16.186    The log file has been saved successfully to "C:\Users\Greg-pc\Desktop\aswMBR.txt"
 

 



#5 grnelf56


Posted 30 May 2013 - 02:07 PM

DDS logs, I finally got them to work

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.5.1
Run by Greg-pc at 11:58:49 on 2013-05-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1790.928 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\atiesrxx.exe
C:\windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\OtShot\otshot.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Shop To Win\ShopToWin.exe
C:\Program Files\WhiteSmokeTranslator\WSTrayDictMode.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\consent.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate01302013
uDefault_Page_URL = hxxp://start.toshiba.com/
uURLSearchHooks: {167d9323-f7cc-48f5-948a-6f012831a69f} - <orphaned>
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
uURLSearchHooks: FCToolbarURLSearchHook Class: {f122b94e-0c50-13c4-c9d3-893faefad90b} - c:\program files\shop to win 27\Helper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: Shop to Win: {EE146ACC-D881-1414-2148-B1D008B47ADB} - c:\program files\shop to win 27\Shop to Win 27.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO
uRun: [Shop To Win] c:\program files\shop to win\ShopToWin.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [EKStatusMonitor] c:\program files\kodak\aio\statusmonitor\EKStatusMonitor.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [OtShot] c:\program files\otshot\otshot.exe -minimize
mRun: [Conime] c:\windows\system32\conime.exe
StartupFolder: c:\users\greg-pc\appdata\roaming\micros~1\windows\startm~1\programs\startup\launch~1.lnk - c:\program files\whitesmoketranslator\WSTrayDictMode.exe
StartupFolder: c:\users\greg-pc\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart16.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{9A2C832A-3E88-42DB-8D70-FFA7F014AFC6} : DHCPNameServer = 100.100.0.102
TCP: Interfaces\{D26EF0AC-B409-4440-87DD-8CFE0B7DACCB} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{D26EF0AC-B409-4440-87DD-8CFE0B7DACCB}\3456E647572797C496E6B653130353 : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{D26EF0AC-B409-4440-87DD-8CFE0B7DACCB}\3586F62756C696E6560294E6E6 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{D26EF0AC-B409-4440-87DD-8CFE0B7DACCB}\D697177756374743837373 : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{D26EF0AC-B409-4440-87DD-8CFE0B7DACCB}\D697177756374783731333 : DHCPNameServer = 192.168.0.1 205.171.3.25
SSODL: WebCheck - <orphaned>
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.94\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\greg-pc\appdata\roaming\mozilla\firefox\profiles\r0ddp0lr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=2&q=
FF - component: c:\users\greg-pc\appdata\roaming\mozilla\firefox\profiles\r0ddp0lr.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-05-26 16:34; {9ed31f84-c8b3-4926-b950-dff74047ff79}; c:\users\greg-pc\appdata\roaming\mozilla\firefox\profiles\r0ddp0lr.default\extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}
FF - ExtSQL: 2013-05-26 18:33; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-7 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-7 361032]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-6-4 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-7 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-7 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-12-9 44808]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2012-10-19 395200]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\kodak\aio\statusmonitor\EKPrinterSDK.exe [2012-10-15 779200]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-4 167936]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-6-4 171520]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-7 52224]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile="c:\windows\system32\notepad.exe" "%1"
.
=============== Created Last 30 ================
.
2013-05-28 21:03:21    7016152    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{33daf0bf-4c68-4a15-a048-313732dee96a}\mpengine.dll
2013-05-26 23:38:29    --------    d-----w-    c:\users\greg-pc\appdata\local\CRE
2013-05-26 23:34:58    --------    d-----w-    c:\program files\SearchProtect
2013-05-26 23:34:42    --------    d-----w-    c:\users\greg-pc\appdata\roaming\SearchProtect
2013-05-26 23:32:42    --------    d-----w-    c:\program files\OtShot
2013-05-26 23:32:36    --------    d-----w-    c:\programdata\ZalmanInstaller_52330
2013-05-23 18:36:59    193824    ----a-w-    c:\program files\mozilla firefox\maintenanceservice_installer.exe
2013-05-23 18:36:59    117144    ----a-w-    c:\program files\mozilla firefox\maintenanceservice.exe
2013-05-23 18:36:58    59288    ----a-w-    c:\program files\mozilla firefox\libEGL.dll
2013-05-23 18:36:58    478104    ----a-w-    c:\program files\mozilla firefox\libGLESv2.dll
2013-05-23 18:36:57    920472    ----a-w-    c:\program files\mozilla firefox\firefox.exe
2013-05-23 18:36:57    3076504    ----a-w-    c:\program files\mozilla firefox\gkmedias.dll
2013-05-23 18:36:57    279448    ----a-w-    c:\program files\mozilla firefox\freebl3.dll
2013-05-23 18:36:54    2106216    ----a-w-    c:\program files\mozilla firefox\D3DCompiler_43.dll
2013-05-23 18:36:54    116120    ----a-w-    c:\program files\mozilla firefox\crashreporter.exe
2013-05-23 18:36:53    74136    ----a-w-    c:\program files\mozilla firefox\breakpadinjector.dll
2013-05-23 18:36:52    19352    ----a-w-    c:\program files\mozilla firefox\AccessibleMarshal.dll
2013-05-14 19:30:30    2347520    ----a-w-    c:\windows\system32\win32k.sys
2013-05-14 19:30:23    218984    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-05-14 19:30:21    728424    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-05-14 19:29:53    101720    ----a-w-    c:\windows\system32\consent.exe
2013-05-14 19:29:51    1796096    ----a-w-    c:\windows\system32\authui.dll
2013-05-14 19:29:50    47104    ----a-w-    c:\windows\system32\appinfo.dll
2013-04-30 19:34:08    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
.
==================== Find3M  ====================
.
2013-05-15 21:25:14    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-15 21:25:13    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 09:06:08    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-30 19:34:08    906240    ----a-w-    c:\windows\system32\FntCache.dll
2013-04-12 13:45:29    1211752    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-05 05:28:24    1767424    ----a-w-    c:\windows\system32\wininet.dll
2013-04-05 05:26:26    2877440    ----a-w-    c:\windows\system32\jscript9.dll
2013-04-05 05:26:21    61440    ----a-w-    c:\windows\system32\iesetup.dll
2013-04-05 05:26:21    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2013-04-05 04:29:45    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-04-05 03:38:25    71680    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-03-19 05:04:13    3968856    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04:10    3913560    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48:45    38912    ----a-w-    c:\windows\system32\csrsrv.dll
2013-03-19 02:49:16    69632    ----a-w-    c:\windows\system32\smss.exe
2013-03-06 00:40:20    861088    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-03-06 00:40:20    782240    ----a-w-    c:\windows\system32\deployJava1.dll
.

 

 

DDS 2

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/14/2010 5:04:35 PM
System Uptime: 5/30/2013 11:10:50 AM (1 hours ago)
.
Motherboard: TOSHIBA |  | NBWAE
Processor: AMD Sempron™ SI-42 | Socket M2/S1G1 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 177.506 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP282: 4/26/2013 9:17:34 PM - Windows Update
RP283: 4/30/2013 12:29:03 PM - Windows Update
RP284: 5/3/2013 1:16:28 PM - Windows Update
RP285: 5/7/2013 12:17:13 PM - Windows Update
RP286: 5/10/2013 1:08:59 PM - Windows Update
RP287: 5/14/2013 12:27:53 PM - Windows Update
RP288: 5/14/2013 3:04:54 PM - Windows Update
RP289: 5/21/2013 1:27:12 PM - Windows Update
RP290: 5/26/2013 4:33:15 PM - Installed Skype™ 6.3
RP291: 5/26/2013 5:24:22 PM - Removed Java™ 6 Update 29
RP293: 5/26/2013 5:31:09 PM - Removed Skype Launcher
RP294: 5/26/2013 5:31:41 PM - Removed Skype™ 6.3
RP295: 5/26/2013 6:29:33 PM - Restore Operation
RP296: 5/26/2013 6:46:35 PM - Removed OpenOffice.org 3.3
RP297: 5/26/2013 6:47:24 PM - Removed OpenOffice.org 3.3
RP298: 5/28/2013 2:01:19 PM - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
aioprnt
aioscnnr
ATI Catalyst Install Manager
AutoCAD 2006 - English
Autodesk DWF Viewer
avast! Free Antivirus
C4USelfUpdater
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
center
Command & Conquer Red Alert 2
Compatibility Pack for the 2007 Office system
essentials
Google Chrome
Google Update Helper
GoToMeeting 4.5.0.457
Hoyle Puzzle and Board Games Classic
Java 7 Update 17
Java Auto Updater
Java™ 6 Update 29
JavaFX 2.1.1
Junk Mail filter update
Kodak AIO Printer
KODAK AiO Software
ksDIP
Label@Once 1.0
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyToshiba
NetZero Launcher
ocr
PlayReady PC Runtime x86
PreReq
PrintProjects
Quickbooks Financial Center
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Shop To Win
Skype Launcher
Synaptics Pointing Device Driver
Toshiba Application and Driver Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Online Backup
Toshiba Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
ToshibaRegistration
TweakNow RegCleaner
TweakNow RegCleaner 2011
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Utility Common Driver
WhiteSmokeTranslator
WildTangent Games
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
5/30/2013 11:11:10 AM, Error: atikmdag [52236]  - CPLIB :: General - Invalid Parameter
5/30/2013 11:11:10 AM, Error: atikmdag [43029]  - Display is not active
5/29/2013 12:46:07 PM, Error: Schannel [36888]  - The following fatal alert was generated: 10. The internal error state is 10.
5/27/2013 9:10:40 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
=

 

 



#6 fireman4it

  • Malware Response Team

Posted 30 May 2013 - 06:52 PM

Hello grnelf56,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

 

 

1. Download AdwCleaner

  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click on adwCleaner.exe and select Run as administrator.
  • Click the Delete button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.

 

2. Please download Listparts

Run the tool, click Scan and post the log (Result.txt) it makes.
 

 

Things to include in your next reply:

AdwCleaner log

Results.txt

How is your machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#7 fireman4it

  • Malware Response Team

Posted 01 June 2013 - 02:08 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it




#8 fireman4it

  • Malware Response Team

Posted 03 June 2013 - 06:11 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



#9 Andrew

  • Moderator

Posted 09 June 2013 - 03:59 PM

This topic has been re-opened at the request of the person who originally posted.

#10 grnelf56

  • Topic Starter

Posted 09 June 2013 - 04:13 PM

adware:

# AdwCleaner v2.303 - Logfile created 06/09/2013 at 13:41:20
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Greg-pc - GREG-PC-PC
# Boot Mode : Normal
# Running from : C:\Users\Greg-pc\Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\Greg-pc\AppData\Roaming\Mozilla\Firefox\Profiles\r0ddp0lr.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Greg-pc\AppData\Roaming\Mozilla\Firefox\Profiles\r0ddp0lr.default\searchplugins\search-the-web.xml
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\Shop To Win
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Greg-pc\AppData\Local\Conduit
Folder Deleted : C:\Users\Greg-pc\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Greg-pc\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Greg-pc\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Greg-pc\AppData\Roaming\Mozilla\Firefox\Profiles\r0ddp0lr.default\Conduit
Folder Deleted : C:\Users\Greg-pc\AppData\Roaming\Mozilla\Firefox\Profiles\r0ddp0lr.default\ConduitCommon
Folder Deleted : C:\Users\Greg-pc\AppData\Roaming\Mozilla\Firefox\Profiles\r0ddp0lr.default\ConduitEngine
Folder Deleted : C:\Users\Greg-pc\AppData\Roaming\Mozilla\Firefox\Profiles\r0ddp0lr.default\CT3286042
Folder Deleted : C:\Users\Greg-pc\AppData\Roaming\Mozilla\Firefox\Profiles\r0ddp0lr.default\extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}
Folder Deleted : C:\Users\Greg-pc\AppData\Roaming\Mozilla\Firefox\Profiles\r0ddp0lr.default\extensions\engine@conduit.com
Folder Deleted : C:\Users\Greg-pc\AppData\Roaming\Mozilla\Firefox\Profiles\r0ddp0lr.default\Smartbar
Folder Deleted : C:\Users\Greg-pc\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\Greg-pc\Documents\ShopToWin

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKCU\Software\ShopToWin
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100565.FCTB000100565Pos
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100565.FCTB000100565Pos.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100565.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100565.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100565.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100565.JSOptionsImpl.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\FCTB000100565
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Shop To Win]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Secondary Start Pages] = hxxp://search.conduit.com/?SearchSource=10&ctid=CT3007394 --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Greg-pc\AppData\Roaming\Mozilla\Firefox\Profiles\r0ddp0lr.default\prefs.js

Deleted : user_pref("CT2866295..clientLogIsEnabled", true);
Deleted : user_pref("CT2866295..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2866295..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2866295.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2866295.CTID", "CT2866295");
Deleted : user_pref("CT2866295.CurrentServerDate", "16-12-2010");
Deleted : user_pref("CT2866295.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2866295.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Deleted : user_pref("CT2866295.ExternalComponentPollDate129363730260381540", "Wed Dec 15 2010 16:10:28 GMT-080[...]
Deleted : user_pref("CT2866295.FirstServerDate", "16-12-2010");
Deleted : user_pref("CT2866295.FirstTime", true);
Deleted : user_pref("CT2866295.FirstTimeFF3", true);
Deleted : user_pref("CT2866295.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2866295.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2866295.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2866295.HasUserGlobalKeys", true);
Deleted : user_pref("CT2866295.Initialize", true);
Deleted : user_pref("CT2866295.InitializeCommonPrefs", true);
Deleted : user_pref("CT2866295.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT2866295.InstalledDate", "Wed Dec 15 2010 16:10:29 GMT-0800 (Pacific Standard Time)");
Deleted : user_pref("CT2866295.IsGrouping", false);
Deleted : user_pref("CT2866295.IsMulticommunity", false);
Deleted : user_pref("CT2866295.IsOpenThankYouPage", true);
Deleted : user_pref("CT2866295.IsOpenUninstallPage", true);
Deleted : user_pref("CT2866295.LanguagePackLastCheckTime", "Wed Dec 15 2010 16:10:29 GMT-0800 (Pacific Standar[...]
Deleted : user_pref("CT2866295.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2866295.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2866295.LastLogin_3.2.5.2", "Wed Dec 15 2010 16:10:28 GMT-0800 (Pacific Standard Time)"[...]
Deleted : user_pref("CT2866295.LatestVersion", "3.2.5.2");
Deleted : user_pref("CT2866295.Locale", "en");
Deleted : user_pref("CT2866295.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2866295.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2866295.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2866295.SavedHomepage", "resource:/browserconfig.properties");
Deleted : user_pref("CT2866295.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2866295.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT286[...]
Deleted : user_pref("CT2866295.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2866295.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2866295.SearchInNewTabLastCheckTime", "Wed Dec 15 2010 16:10:28 GMT-0800 (Pacific Stand[...]
Deleted : user_pref("CT2866295.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2866295.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2866295.ServiceMapLastCheckTime", "Wed Dec 15 2010 16:10:27 GMT-0800 (Pacific Standard [...]
Deleted : user_pref("CT2866295.SettingsLastCheckTime", "Wed Dec 15 2010 16:10:27 GMT-0800 (Pacific Standard Ti[...]
Deleted : user_pref("CT2866295.SettingsLastUpdate", "1291900618");
Deleted : user_pref("CT2866295.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2866295.ThirdPartyComponentsLastCheck", "Wed Dec 15 2010 16:10:27 GMT-0800 (Pacific Sta[...]
Deleted : user_pref("CT2866295.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2866295.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2866295.UserID", "UN59146291698070795");
Deleted : user_pref("CT2866295.alertChannelId", "1258292");
Deleted : user_pref("CT2866295.myStuffEnabled", true);
Deleted : user_pref("CT2866295.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2866295.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2866295.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2866295.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2866295.testingCtid", "");
Deleted : user_pref("CT2866295.toolbarAppMetaDataLastCheckTime", "Wed Dec 15 2010 16:10:27 GMT-0800 (Pacific S[...]
Deleted : user_pref("CT2866295.toolbarContextMenuLastCheckTime", "Wed Dec 15 2010 16:10:29 GMT-0800 (Pacific S[...]
Deleted : user_pref("CT3007394..clientLogIsEnabled", true);
Deleted : user_pref("CT3007394..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3007394..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3007394.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3007394.BrowserCompStateIsOpen_129632335555082016", true);
Deleted : user_pref("CT3007394.BrowserCompStateIsOpen_6699113592007696644", true);
Deleted : user_pref("CT3007394.CTID", "CT3007394");
Deleted : user_pref("CT3007394.CurrentServerDate", "21-10-2011");
Deleted : user_pref("CT3007394.DSInstall", true);
Deleted : user_pref("CT3007394.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3007394.DialogsGetterLastCheckTime", "Fri Oct 21 2011 13:30:40 GMT-0700 (Pacific Daylig[...]
Deleted : user_pref("CT3007394.DownloadReferralCookieData", "");
Deleted : user_pref("CT3007394.FirstServerDate", "21-10-2011");
Deleted : user_pref("CT3007394.FirstTime", true);
Deleted : user_pref("CT3007394.FirstTimeFF3", true);
Deleted : user_pref("CT3007394.FixPageNotFoundErrors", true);
Deleted : user_pref("CT3007394.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3007394.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3007394.HPChangedManually", false);
Deleted : user_pref("CT3007394.HPInstall", false);
Deleted : user_pref("CT3007394.HPProtectChoice", true);
Deleted : user_pref("CT3007394.HPProtectCount", 1);
Deleted : user_pref("CT3007394.HasUserGlobalKeys", true);
Deleted : user_pref("CT3007394.HomePageProtectorEnabled", false);
Deleted : user_pref("CT3007394.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3007394&SearchSource=[...]
Deleted : user_pref("CT3007394.Initialize", true);
Deleted : user_pref("CT3007394.InitializeCommonPrefs", true);
Deleted : user_pref("CT3007394.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT3007394.InstallationId", "9513");
Deleted : user_pref("CT3007394.InstallationType", "ConduitStubIntegration");
Deleted : user_pref("CT3007394.InstalledDate", "Fri Oct 21 2011 13:30:33 GMT-0700 (Pacific Daylight Time)");
Deleted : user_pref("CT3007394.InvalidateCache", false);
Deleted : user_pref("CT3007394.IsAlertDBUpdated", true);
Deleted : user_pref("CT3007394.IsGrouping", false);
Deleted : user_pref("CT3007394.IsInitSetupIni", true);
Deleted : user_pref("CT3007394.IsMulticommunity", false);
Deleted : user_pref("CT3007394.IsOpenThankYouPage", false);
Deleted : user_pref("CT3007394.IsOpenUninstallPage", false);
Deleted : user_pref("CT3007394.IsProtectorsInit", true);
Deleted : user_pref("CT3007394.LanguagePackLastCheckTime", "Fri Oct 21 2011 13:30:34 GMT-0700 (Pacific Dayligh[...]
Deleted : user_pref("CT3007394.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3007394.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3007394.LastLogin_3.7.0.6", "Fri Oct 21 2011 13:30:37 GMT-0700 (Pacific Daylight Time)"[...]
Deleted : user_pref("CT3007394.LatestVersion", "3.7.0.6");
Deleted : user_pref("CT3007394.Locale", "en-us");
Deleted : user_pref("CT3007394.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3007394.MCDetectTooltipShow", false);
Deleted : user_pref("CT3007394.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3007394.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3007394.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT3007394.OriginalFirstVersion", "3.7.0.6");
Deleted : user_pref("CT3007394.RadioIsPodcast", false);
Deleted : user_pref("CT3007394.RadioLastCheckTime", "Fri Oct 21 2011 13:30:35 GMT-0700 (Pacific Daylight Time)[...]
Deleted : user_pref("CT3007394.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT3007394.RadioLastUpdateServer", "3");
Deleted : user_pref("CT3007394.RadioMediaID", "9962");
Deleted : user_pref("CT3007394.RadioMediaType", "Media Player");
Deleted : user_pref("CT3007394.RadioMenuSelectedID", "EBRadioMenu_CT30073949962");
Deleted : user_pref("CT3007394.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT3007394.RadioStationName", "California%20Rock");
Deleted : user_pref("CT3007394.RadioStationURL", "hxxp://feedlive.net/california.asx");
Deleted : user_pref("CT3007394.SavedHomepage", "hxxp://www.google.com/");
Deleted : user_pref("CT3007394.SearchCaption", "WhiteSmoke Bar Customized Web Search");
Deleted : user_pref("CT3007394.SearchEngineBeforeUnload", "WhiteSmoke Bar Customized Web Search");
Deleted : user_pref("CT3007394.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3007394.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT300[...]
Deleted : user_pref("CT3007394.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3007394.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3007394.SearchInNewTabLastCheckTime", "Fri Oct 21 2011 13:30:38 GMT-0700 (Pacific Dayli[...]
Deleted : user_pref("CT3007394.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3007394.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT3007394.SearchProtectorEnabled", true);
Deleted : user_pref("CT3007394.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT3007394.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3007394.ServiceMapLastCheckTime", "Fri Oct 21 2011 13:30:32 GMT-0700 (Pacific Daylight [...]
Deleted : user_pref("CT3007394.SettingsLastCheckTime", "Fri Oct 21 2011 13:30:32 GMT-0700 (Pacific Daylight Ti[...]
Deleted : user_pref("CT3007394.SettingsLastUpdate", "1318772028");
Deleted : user_pref("CT3007394.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3007394&SearchSource=13");
Deleted : user_pref("CT3007394.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3007394.ThirdPartyComponentsLastCheck", "Fri Oct 21 2011 13:30:32 GMT-0700 (Pacific Day[...]
Deleted : user_pref("CT3007394.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT3007394.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3007394.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3007394");
Deleted : user_pref("CT3007394.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3007394.UserID", "UN69803823741375255");
Deleted : user_pref("CT3007394.ValidationData_Toolbar", 1);
Deleted : user_pref("CT3007394.alertChannelId", "1399123");
Deleted : user_pref("CT3007394.approveUntrustedApps", false);
Deleted : user_pref("CT3007394.backendstorage._gpl_firstrun10100", "31333139323239303530");
Deleted : user_pref("CT3007394.backendstorage.forcd_aoi", "31333139323239303530");
Deleted : user_pref("CT3007394.backendstorage.forcd_ccid", "56616E636F75766572");
Deleted : user_pref("CT3007394.backendstorage.forcd_cid", "5553");
Deleted : user_pref("CT3007394.backendstorage.forcd_ip", "36372E352E3134302E323331");
Deleted : user_pref("CT3007394.backendstorage.forcd_lcut", "31333139323239303530");
Deleted : user_pref("CT3007394.backendstorage.forcd_rid", "5741");
Deleted : user_pref("CT3007394.backendstorage.forcd_zoneid", "3130363833");
Deleted : user_pref("CT3007394.backendstorage.hxxp://api10_thetrafficstat_net.pid2", "613936303530643861643961[...]
Deleted : user_pref("CT3007394.backendstorage.hxxp://api22_thetrafficstat_net.pid2", "613936303530643861643961[...]
Deleted : user_pref("CT3007394.backendstorage.hxxp://api6_thetrafficstat_net.pid2", "6139363035306438616439613[...]
Deleted : user_pref("CT3007394.backendstorage.hxxp://conduitapp_s3_amazonaws_com._gpl_firstrun10100", "3133313[...]
Deleted : user_pref("CT3007394.componentAlertEnabled", false);
Deleted : user_pref("CT3007394.components.1000082", false);
Deleted : user_pref("CT3007394.components.129496561701125760", false);
Deleted : user_pref("CT3007394.components.129496561701594512", false);
Deleted : user_pref("CT3007394.components.129496561701594513", false);
Deleted : user_pref("CT3007394.components.129496561701750765", false);
Deleted : user_pref("CT3007394.components.129496798128631252", false);
Deleted : user_pref("CT3007394.components.129557171326543351", false);
Deleted : user_pref("CT3007394.components.129632335555082016", false);
Deleted : user_pref("CT3007394.components.6699113592007696644", false);
Deleted : user_pref("CT3007394.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3007394.globalFirstTimeInfoLastCheckTime", "Fri Oct 21 2011 13:30:33 GMT-0700 (Pacific [...]
Deleted : user_pref("CT3007394.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3007394.initDone", true);
Deleted : user_pref("CT3007394.isAppTrackingManagerOn", true);
Deleted : user_pref("CT3007394.isFirstRadioInstallation", false);
Deleted : user_pref("CT3007394.myStuffEnabled", true);
Deleted : user_pref("CT3007394.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3007394.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3007394.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3007394.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3007394.revertSettingsEnabled", false);
Deleted : user_pref("CT3007394.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3007394.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3007394.testingCtid", "");
Deleted : user_pref("CT3007394.toolbarAppMetaDataLastCheckTime", "Fri Oct 21 2011 13:30:33 GMT-0700 (Pacific D[...]
Deleted : user_pref("CT3007394.toolbarContextMenuLastCheckTime", "Fri Oct 21 2011 13:30:34 GMT-0700 (Pacific D[...]
Deleted : user_pref("CT3007394.usageEnabled", false);
Deleted : user_pref("CT3007394.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3007394&Search[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "WhiteSmoke Bar Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1258292/1253965/US", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1399123/1394781/US", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2866295", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3007394", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3007394",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63427934310393[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3007394&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2866295/CT2866295[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/idel.gif", "[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/minimize.gif[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/play.gif", "[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/stop.gif", "[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/vol.gif", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2866295");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "elf_1.15");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Greg-pc\\AppData\\Roaming\\Mozilla\[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.7.0.6");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://storage.conduit.com/MarketPlace/47/ca/47cb29c[...]
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2866295");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "elf_1.15");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2866295,ConduitEngine,CT3007394");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2866295,CT3007394");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3007394");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Tue May 31 2011 21:17:34 GMT-07[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Jun 28 2011 18:07:44 GMT-0700 (Pacif[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jun 28 2011 04:02:18 GMT-0700 (Pacific D[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "f2e4c410-3aee-48be-b3cd-2925011aa0bf");
Deleted : user_pref("CommunityToolbar.globalUserId", "63dd159b-99b9-4092-8aad-46915b353401");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3007394");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Oct 21 2011 13:30:3[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Oct 21 2011 14:30:46 GMT-070[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Oct 21 2011 13:30:32 GMT-0700 (P[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "d5aaa599-3acb-434e-89de-f7d4720482db");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.com/");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Search the Web");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Wed Dec 15 2010 16:10:30 GMT-0800 (Pacific Standard Time)"[...]
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Dec 15 2010 16:10:30 GMT-0800 (Pacific Sta[...]
Deleted : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Wed Dec 15 2010 16:11:06 GMT-0800 (Pacific Standard Ti[...]
Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Dec 15 2010 16:10:29 GMT-0800 (Pacific Standar[...]
Deleted : user_pref("ConduitEngine.UserID", "UN82263815354459350");
Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Dec 15 2010 16:10:30 GMT-0800 (Pacif[...]
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke Bar Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&Sea[...]
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.AutoSearchEventData", "auto%20search");
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.ClearCacheDate", 8);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.DNSCatch", true);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.DisplayEULA", true);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.DnsCatchEventData", "dns%20catch");
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.EBOMode", true);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.FirstLaunchShown", true);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.LoadLayoutDate.100297", 8);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.NewTabSearchEventData", "tab%20search");
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.ShowRecommendedOptions", true);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.StateReportDate", "1320705602042");
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.TopRightSearchEventData", "top%20right%20search[...]
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.beforeInstallSaved", true);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.beforeinstall.homepage", "hxxp%3A//www.google.c[...]
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.beforeinstall.search", "Elf%201.15%20Customized[...]
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.customNewTab", true);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.helpUsImprove", true);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.hideOthers", true);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.partnerauth", false);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.processAddrBar", true);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.restoreSearch", false);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.searchHistory", true);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.session", "295EBEF661F264D2E9EF8EB31279FBDB3BE2[...]
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.showFirstLaunchOptions", false);
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.tb_lang", "en");
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.tool_id", "100297");
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.user_id", "104225768");
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.user_key", "28c4b8272778959fbcd0cfdbca9fa8ee133[...]
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.user_layouts", "100297");
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.user_lnames", "SocialRibbons%20LP5");
Deleted : user_pref("freecause3fe6b000fd7da4e4eddaef3dc5c7f32c.yahooSearch", true);
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=2&q=[...]

-\\ Google Chrome v27.0.1453.110

File : C:\Users\Greg-pc\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1848] : homepage = "hxxp://search.conduit.com/?ctid=CT3286042&SearchSource=48&CUI=UN18013676161624542&UM[...]
Deleted [l.2008] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3286042&SearchSource=48&CUI[...]

*************************

AdwCleaner[R1].txt - [30843 octets] - [09/06/2013 13:40:21]
AdwCleaner[S1].txt - [31352 octets] - [09/06/2013 13:41:20]

########## EOF - C:\AdwCleaner[S1].txt - [31413 octets] ##########
list parts

ListParts by Farbar Version: 10-05-2013
Ran by Greg-pc (administrator) on 09-06-2013 at 14:10:44
Windows XP (X86)
Running From: C:\Users\Greg-pc\Documents\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 42%
Total physical RAM: 1790.42 MB
Available physical RAM: 1028.12 MB
Total Pagefile: 3580.84 MB
Available Pagefile: 2474.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.38 MB

======================= Partitions =========================

1 Drive c: (TI105866W0A) (Fixed) (Total:223.33 GB) (Free:177.52 GB) NTFS
2 Drive d: (RA1) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          232 GB      0 B         

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery          1500 MB  1024 KB
  Partition 2    Primary            223 GB  1501 MB
  Partition 3    Primary              8 GB   224 GB

======================================================================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2         System       NTFS   Partition   1500 MB  Healthy    Hidden  

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   TI105866W0A  NTFS   Partition    223 GB  Healthy    Boot    

======================================================================================================

Disk: 0
Partition 3
Type  : 17
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 96360D50
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8 GB) - (Type=17)


****** End Of Log ******

I will run for a while and let you know how it's running.

When she tries to play on fb it's slow, but that could be the fb.



#11 grnelf56

Posted 09 June 2013 - 04:15 PM

The White Smoke translator is still popping up and a program called ot skin cannot load. I appreciate the patience in this.


Edited by grnelf56, 09 June 2013 - 04:52 PM.


#12 fireman4it

Posted 09 June 2013 - 05:06 PM

1.

Download and run Junkware Removal Tool. ***Your Anti Virus may see this download as malicious; don't worry, continue on.

Please download Junkware Removal Tool to your desktop.

 

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next Reply.

 

2.

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.


Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.


Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).



#13 grnelf56

Posted 09 June 2013 - 05:40 PM

malware run log

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.09.05

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 10.0.9200.16576
Greg-pc :: GREG-PC-PC [administrator]

Protection: Enabled

6/9/2013 3:26:17 PM
mbam-log-2013-06-09 (15-26-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 278278
Time elapsed: 9 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 15
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\CLSID\{EE146ACC-D881-1414-2148-B1D008B47ADB} (PUP.ShopToWin) -> Quarantined and deleted successfully.
HKCR\TypeLib\{7BCF5449-286E-27B4-F9D4-B26439725A44} (PUP.ShopToWin) -> Delete on reboot.
HKCR\Interface\{611BBA16-61FE-D4D3-8DC8-87D0396B18B9} (PUP.ShopToWin) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE146ACC-D881-1414-2148-B1D008B47ADB} (PUP.ShopToWin) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE146ACC-D881-1414-2148-B1D008B47ADB} (PUP.ShopToWin) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE146ACC-D881-1414-2148-B1D008B47ADB} (PUP.ShopToWin) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EE146ACC-D881-1414-2148-B1D008B47ADB} (PUP.ShopToWin) -> Quarantined and deleted successfully.
HKCR\CLSID\{F122B94E-0C50-13C4-C9D3-893FAEFAD90B} (PUP.ShopToWin) -> Quarantined and deleted successfully.
HKCR\TypeLib\{1E04D1F8-15C9-DFA4-B131-886A302975E3} (PUP.ShopToWin) -> Quarantined and deleted successfully.
HKCR\Interface\{8DD78B0D-BFC4-0951-A445-1985F07F3BAB} (PUP.ShopToWin) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{F122B94E-0C50-13C4-C9D3-893FAEFAD90B} (PUP.ShopToWin) -> Data:  -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{f122b94e-0c50-13c4-c9d3-893faefad90b} (PUP.ShopToWin) -> Data:  -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Program Files\Shop to Win 27\Shop to Win 27.dll (PUP.ShopToWin) -> Quarantined and deleted successfully.
C:\Program Files\Shop to Win 27\Helper.dll (PUP.ShopToWin) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg-pc\Downloads\FlashPlayer_V.129361246b.exe (PUP.FakeFlash.Domaiq) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg-pc\Downloads\FlashPlayer_V.129369030b.exe (PUP.FakeFlash.Domaiq) -> Quarantined and deleted successfully.
C:\Users\Greg-pc\Downloads\FlashPlayer_V.129361246b.exe (PUP.FakeFlash.Domaiq) -> Quarantined and deleted successfully.
C:\Users\Greg-pc\Downloads\FlashPlayer_V.129369030b.exe (PUP.FakeFlash.Domaiq) -> Quarantined and deleted successfully.

(end)
 

 

 

junk ware removal

Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by Greg-pc on Sun 06/09/2013 at 15:09:50.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\otshot



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\shoptowin
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\freecause
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100565.FCTB000100565Pos
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100565.FCTB000100565Pos.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100565.IEToolbar
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100565.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100565.JSOptionsImpl
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000100565.JSOptionsImpl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCTB000100565.FCTB000100565Pos
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCTB000100565.FCTB000100565Pos.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCTB000100565.IEToolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCTB000100565.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCTB000100565.JSOptionsImpl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCTB000100565.JSOptionsImpl.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{902875D8-4224-44FF-94FD-85DD554DA87D}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\Greg-pc\AppData\LocalLow\FCTB000100565
Successfully deleted: [Folder] "C:\Program Files\otshot"
Successfully deleted: [Folder] "C:\Program Files\searchprotect"



~~~ FireFox

Emptied folder: C:\Users\Greg-pc\AppData\Roaming\mozilla\firefox\profiles\r0ddp0lr.default\minidumps [177 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/09/2013 at 15:19:22.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Ot shot is gone.

White Smoke translator still there. Running much better.


Edited by grnelf56, 09 June 2013 - 06:29 PM.


#14 grnelf56

Posted 09 June 2013 - 08:01 PM

I will not be able to get back on this computer until Tuesday. Thank you for all the help. I believe it's sooooooo much better.



#15 fireman4it

Posted 11 June 2013 - 04:39 PM

Uninstalling A Program Through "add/remove"

Click "Start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of installed programs will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "Remove":

White Smoke Translator

Additional instructions can be found here if needed.

