
Think I've got beesq.net virus but can't find a link here.



#1 jimvt

jimvt

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vermont
  • Local time:08:43 AM

Posted 31 July 2013 - 01:55 PM

Think I've got beesq.net virus but can't find a link for help here

Edit: Moved topic from AntiVirus, Firewall and Privacy Products and Protection Methods to the more appropriate forum. ~ Animal



#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:43 PM

Posted 31 July 2013 - 08:03 PM

Hi -

The redirect infection can usually be removed with a few tools as listed below >

 

Step 1: Scan your machine with ESET OnlineScan

1. Hold down Control and click HERE to open ESET OnlineScan in a new window.
2. Click the ESET Online Scanner button.
3. NOTE: For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the ESET Online Scanner icon on your desktop.
4. Check "YES, I accept the Terms of Use."
5. Click the Start button.
6. Accept any security warnings from your browser.
7. Under scan settings, check "Scan Archives" and "Remove found threats".
8. Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time to download the program for a first time, and then download the updated database (1 to 2 hours is not unusual).
10. When the scan completes, click List Threats.
11. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12. Click the Back button.
13. Click the Finish button.

 

 

Step 2: Please download AdwCleaner by Xplode onto your desktop.

  • Now close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • NOTE: Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

 

Step 3: Only when these are finished, please download TFC, or Temp File Cleaner, by Old Timer.

Usage Instructions:

  • Download TFC from the download link above and save the file on your desktop.
  • Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
  • Double-click on the TFC icon.
  • When the program opens, click on the Start button.  TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
  • When done, press OK to reboot your computer and finish the cleanup.

Note: Depending on how much data is currently stored in the Temp folders, this process can take quite a while to remove all of the files, so please be patient.

 

 

Thanks -



#3 jimvt


Posted 01 August 2013 - 08:30 AM

I've got the reports but somehow copy and paste won't work!



#4 noknojon


Posted 01 August 2013 - 09:30 AM

Hi -

(Simple Method) Highlight the logs with the Left mouse button and press Control + C to copy.

Now it is saved.

Come back here and Left click in the open Reply Box and press Control + V to paste -

You are not able to Attach logs in this area, so they must be Copy / Pasted here.

 

Please ask for any extra help if required and I will always try to show you.

 

You only need to post one log at a time and that is enough -

 

Thank You -

 

Example below > I highlighted your reply, pressed Control + C, then below this line I Left Clicked at the start of the line, and pressed  Control + V and your reply shows up .......

 

"I've got the reports but somehow copy and paste won't work!"

 

 

http://www.bleepingcomputer.com/tutorials/cut-copy-and-paste-in-windows/

A Tutorial from our data bank ( it is a bit long) but may show something I have missed .......


Edited by noknojon, 01 August 2013 - 09:34 AM.


#5 jimvt


Posted 01 August 2013 - 09:41 AM

C:\Documents and Settings\All Users\Application Data\APN\APN-Stub\W3IV6-G\APNIC.7z    Win32/Bundled.Toolbar.Ask.B application    deleted - quarantined
C:\Documents and Settings\All Users\Application Data\APN\APN-Stub\W3IV6-G\APNIC.dll    Win32/Bundled.Toolbar.Ask.B application    cleaned by deleting - quarantined
C:\Documents and Settings\Owner\My Documents\Downloads\WinZip170.exe    a variant of Win32/OpenInstall application    cleaned by deleting - quarantined
C:\WINDOWS\Downloaded Installations\{D764D5AB-33E4-49F7-A517-5898AB6E5564}\YouSendIt Express.msi    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined

# AdwCleaner v2.306 - Logfile created 08/01/2013 at 08:52:35
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - HOME-0FR56AFNTH
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\WINDOWS\Tasks\Protected Search.job
Folder Found : C:\Documents and Settings\All Users\Application Data\APN
Folder Found : C:\Documents and Settings\Owner\Application Data\DriverCure
Folder Found : C:\Program Files\SendSpace

***** [Registry] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\ProtectedSearch
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DownTango
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Key Found : HKLM\Software\PIP
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592
[HKCU\Software\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592
[HKCU\Software\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
[HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
[HKCU\Software\Microsoft\Internet Explorer\SearchUrl - (Default)] = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=592&q=%s
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - (Default)] = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=592&q=%s

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rd7andsm.default-1366993584296\prefs.js

Found : user_pref("extensions.toolbar.mindspark._69Members_.homepage", "hxxp://home.tb.ask.com/index.jhtml?p[...]

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\utw134u4.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator.HOME-0FR56AFNTH\Application Data\Mozilla\Firefox\Profiles\ujj4oo6k.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R2].txt - [3482 octets] - [01/08/2013 08:52:35]

########## EOF - C:\AdwCleaner[R2].txt - [3542 octets] ##########
 

 



#6 noknojon


Posted 01 August 2013 - 10:05 AM

This is one variation of the infection that you mention ... a variant of Win32/OpenInstall

 

This has been installed by you with a lot of downloads Toolbar.Ask application

 

Please Re-run Adware Cleaner but this time select DELETE option (not Search)

These all need to be removed ......................
hxxp://search.certified-toolbar.com?
hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592
Software\DownTango
Software\InstallIQ
Software\Conduit
Software\ProtectedSearch

 

Remove all of those minor infections that are listed -

 

 

Thanks -



#7 jimvt


Posted 01 August 2013 - 10:25 AM

# AdwCleaner v2.306 - Logfile created 08/01/2013 at 11:20:55
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - HOME-0FR56AFNTH
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rd7andsm.default-1366993584296\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\utw134u4.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator.HOME-0FR56AFNTH\Application Data\Mozilla\Firefox\Profiles\ujj4oo6k.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R2].txt - [1 octets] - [01/08/2013 08:52:35]
AdwCleaner[R3].txt - [1335 octets] - [01/08/2013 11:18:33]
AdwCleaner[R4].txt - [1392 octets] - [01/08/2013 11:19:52]
AdwCleaner[S2].txt - [4079 octets] - [01/08/2013 08:53:54]
AdwCleaner[S3].txt - [1275 octets] - [01/08/2013 11:14:06]
AdwCleaner[S4].txt - [1323 octets] - [01/08/2013 11:20:55]

########## EOF - C:\AdwCleaner[S4].txt - [1383 octets] ##########
 

 

This is the text returned.

 

I ran ADW a couple of times.

 

Did it get the culprit?

 

Thanks very much for the help!
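
The following Python parser is an added example, not part of the original thread or of AdwCleaner: it reads a [Search] log and a later [Delete] log in the format posted above, lists the hijacker hosts written into the browser settings, and checks that nothing flagged survives. The sample logs are abridged from the ones in the thread, and all function names are assumptions of the example.

```python
import re
from collections import namedtuple
from urllib.parse import urlsplit

# Constructed sample input: abridged from the two AdwCleaner v2.306 logs in the thread.
SEARCH_LOG = r"""# AdwCleaner v2.306 - Logfile created 08/01/2013 at 08:52:35
# Option [Search]

***** [Files / Folders] *****

File Found : C:\WINDOWS\Tasks\Protected Search.job
Folder Found : C:\Documents and Settings\All Users\Application Data\APN

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKLM\Software\InstallIQ
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - (Default)] = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=592&q=%s

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\utw134u4.default\prefs.js

[OK] File is clean.
"""

DELETE_LOG = r"""# AdwCleaner v2.306 - Logfile created 08/01/2013 at 11:20:55
# Option [Delete]

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.
"""

Finding = namedtuple("Finding", "section kind target data")

OPTION_RE = re.compile(r"^# Option \[(?P<opt>\w+)\]")
SECTION_RE = re.compile(r"^\*{5} \[(?P<name>.+?)\] \*{5}$")
# "File Found : ...", "Key Found : ...", or a bare "Found : user_pref(...)" line.
ITEM_RE = re.compile(r"^(?:(?P<kind>File|Folder|Key|Value) )?Found : (?P<target>.+)$")
# "[<registry key> - <value name>] = <data>" lines under [Internet Browsers].
SETTING_RE = re.compile(r"^\[(?P<key>HK(?:CU|LM)\\.+?) - (?P<name>.+?)\] = (?P<data>.+)$")
URL_RE = re.compile(r"hxxps?://[^\s\"'\[\]]+")  # defanged URLs as the log prints them


def parse_log(text):
    """Return {'option': 'Search'|'Delete'|None, 'findings': [Finding, ...]}."""
    option, section, findings = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := OPTION_RE.match(line):
            option = m["opt"]
        elif m := SECTION_RE.match(line):
            section = m["name"]
        elif m := ITEM_RE.match(line):
            findings.append(Finding(section, m["kind"] or "Pref", m["target"], ""))
        elif m := SETTING_RE.match(line):
            target = f'{m["key"]} - {m["name"]}'
            findings.append(Finding(section, "Setting", target, m["data"]))
    return {"option": option, "findings": findings}


def hijack_hosts(findings):
    """Hostnames that flagged settings or prefs point the browser at."""
    hosts = set()
    for f in findings:
        for url in URL_RE.findall(f"{f.target} {f.data}"):
            # Re-fang in memory only so urlsplit can parse it; nothing is fetched.
            host = urlsplit("http" + url[4:]).hostname
            if host:
                hosts.add(host)
    return sorted(hosts)


def cleanup_verified(search_text, delete_text):
    """(ok, survivors): ok only if the second log is a Delete run with no findings."""
    before, after = parse_log(search_text), parse_log(delete_text)
    flagged = {(f.kind, f.target) for f in before["findings"]}
    survivors = [f.target for f in after["findings"] if (f.kind, f.target) in flagged]
    ok = after["option"] == "Delete" and not after["findings"]
    return ok, survivors


if __name__ == "__main__":
    print(hijack_hosts(parse_log(SEARCH_LOG)["findings"]))
    print(cleanup_verified(SEARCH_LOG, DELETE_LOG))
```

An empty Delete log only shows that nothing matching the tool's definitions is left, which is why the helper's follow-up question about whether the redirects have stopped still matters.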



#8 noknojon


Posted 01 August 2013 - 05:21 PM

Hi -

Has the situation with your computer problem changed at all ?

 

We have removed several of the type of infections that can redirect and cause you problems -

 

Thanks -



#9 jimvt


Posted 02 August 2013 - 08:22 AM

G'day. Mate:

 

Yup everything seems to be kosher now as I have visited a number of sites without getting redirected!

 

Thanks for your help.

 

Good on ya!

 

Jim from Vermont



#10 noknojon


Posted 02 August 2013 - 02:18 PM

OK -

I will still keep an eye on here for a couple of days just to be sure -

 

Later Mate - :thumbup2:



