Infected with CONDUIT search engine which is preventing access to Google homepage


This topic is locked. 18 replies to this topic.

#1 yogivarun (Members, India)

Posted 15 November 2013 - 09:11 AM

1. After downloading and installing a free software, "FROG" (for opening RAR files), I found that the homepages of all three of my browsers, viz. Firefox, Chrome and IE, had changed from Google search to Conduit search with some advertisements. The options column of the browsers, however, continues to show Google as the homepage.

2. I have uninstalled Conduit as well as Frog, but the homepages continue to be Conduit.

3. I have been able to remove Conduit from appearing in Firefox (through about:config), but I neither get Conduit nor Firefox as homepage; however, I am able to access websites other than Google.

In Chrome, I am able to get the Google search engine, but it is not my usual search engine, and when I input the URL (google.co.in) of the search engine I do not access anything.

In Internet Explorer, the position is different: every time I try to access the Google homepage, the MS Windows Software site is opened.

As advised, I reproduce below the contents of dds.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16520  BrowserJavaVersion: 10.45.2
Run by atul at 19:05:15 on 2013-11-15
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2038.836 [GMT 5.5:30]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Windows\hporclnr.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1005MC.EXE
C:\PROGRA~1\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://www.sony.com/vaiopeople
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
BHO: AutorunsDisabled - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [mcpltui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe
mRun: [HP OrderReminder Cleaner] c:\windows\hporclnr.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 46.47.67.135 8.8.8.8
TCP: Interfaces\{31A7B858-59F0-4E52-9C89-A89EF59ED55A} : DHCPNameServer = 46.47.67.135 8.8.8.8
TCP: Interfaces\{E0955D78-6212-4AB0-A778-407AAAF58D27} : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: AutorunsDisabled - <Clsid value has no data>
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\atul\appdata\roaming\mozilla\firefox\profiles\5anmq0jj.default-1378837892967\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.in/
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-11-07 18:53; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\mozilla firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-4-4 13560]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-12-26 565416]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-12-26 210168]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2013-4-7 54776]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2013-3-30 21504]
R2 HomeNetSvc;McAfee Home Network;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-4-7 184728]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2013-4-7 103112]
R2 McMPFSvc;McAfee Personal Firewall;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-4-7 184728]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-4-7 184728]
R2 mcpltsvc;McAfee Platform Services;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-4-7 184728]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-4-7 184728]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2013-4-7 632344]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2013-4-7 168880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-4-7 171976]
R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2013-7-3 660184]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-12-26 60480]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-12-26 234824]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-12-26 362640]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2012-11-2 252200]
R3 R5U870FLx86;R5U870 UVC Lower Filter  ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-8-25 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter  ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-8-25 43904]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-8-25 812544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 HWDeviceService.exe;HWDeviceService.exe;"c:\programdata\datacardservice\hwdeviceservice.exe" -/service --> c:\programdata\datacardservice\HWDeviceService.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-4-7 147472]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-12-26 65488]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2012-11-2 81456]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-7-3 16024]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2013-7-3 1228504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-11-15 09:00:26    --------    d-----w-    c:\users\atul\appdata\local\NativeMessaging
2013-11-15 09:00:18    --------    d-----w-    c:\users\atul\appdata\local\CRE
2013-11-15 08:57:07    --------    d-----w-    c:\users\atul\appdata\roaming\Philipp Winterberg
2013-11-14 05:36:02    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-11-14 05:36:01    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-11-14 05:36:00    768512    ----a-w-    c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-11-14 05:36:00    149744    ----a-w-    c:\program files\internet explorer\sqmapi.dll
2013-11-13 10:39:49    --------    d-----w-    c:\program files\HP
2013-11-13 10:39:32    229376    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\HP1005S.DLL
2013-11-13 10:36:14    --------    d--h--w-    c:\program files\Agilent-HP
2013-11-13 04:28:51    993792    ----a-w-    c:\windows\system32\crypt32.dll
2013-11-13 04:27:21    297984    ----a-w-    c:\windows\system32\gdi32.dll
2013-11-13 04:26:06    444928    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-11-13 04:26:05    596480    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-11-08 07:47:35    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-11-07 13:22:30    --------    d-----r-    c:\program files\Skype
2013-11-01 17:12:42    --------    d-----w-    C:\9c936de8ab8f6d81435d3c0488
2013-10-19 04:19:23    --------    d-----w-    C:\ce2178abaf9bd405eed52301e701ae
2013-10-18 04:31:03    --------    d-----w-    C:\930adb24b808b1981abbeee7
.
==================== Find3M  ====================
.
2013-10-13 09:48:06    1806848    ----a-w-    c:\windows\system32\jscript9.dll
2013-10-13 09:35:52    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-10-13 09:35:38    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-10-13 09:30:14    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-10-12 09:05:02    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-12 09:05:02    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-08-29 07:36:04    2050048    ----a-w-    c:\windows\system32\win32k.sys
2013-08-27 02:47:50    219648    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-08-27 02:47:50    189952    ----a-w-    c:\windows\system32\d3d10core.dll
2013-08-27 02:47:50    160768    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-08-27 02:47:50    1029120    ----a-w-    c:\windows\system32\d3d10.dll
2013-08-27 01:52:08    1172480    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-08-27 01:50:40    486400    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-08-27 01:32:20    683008    ----a-w-    c:\windows\system32\d2d1.dll
2013-08-27 01:28:36    1069056    ----a-w-    c:\windows\system32\DWrite.dll
2013-08-27 01:28:35    798208    ----a-w-    c:\windows\system32\FntCache.dll
.
============= FINISH: 19:06:13.53 ===============

Attached File: attach.txt (14.57 KB)

Please do help.


Whatever Life takes away from you, let it go.

When you surrender and let go of the past,

you allow yourself to live in the moment.
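An added check, not part of the original post and not one of the tools used in this thread: the symptom described above (the browser's own Options page still shows Google, yet a different page opens, and one site is unreachable while others load) is usually explained by one of a handful of persistence points, and it is quicker to list them all than to guess. The script below reads each of them and changes nothing. The registry key names, profile locations and shortcut folders are the documented Windows, IE, Firefox and Chrome defaults; that the hijack lives in one of them is the assumption being tested, and the example only covers the current user's profiles.

```powershell
# Added example, not from the thread or from any of the tools used in it.
# Read-only audit of the places a browser hijacker such as Conduit usually
# persists. Run from an elevated PowerShell prompt (PowerShell 2.0 on Vista
# is enough). Key names, profile paths and shortcut folders are the documented
# Windows/IE/Firefox/Chrome defaults; that the hijack lives in one of them is
# the assumption being tested.

function Get-IEStartPages {
    # The values DDS reports as uStart Page / mStart Page / uDefault_Page_URL.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $key = "$hive\Software\Microsoft\Internet Explorer\Main"
        if (-not (Test-Path $key)) { continue }
        $p = Get-ItemProperty -Path $key
        foreach ($name in 'Start Page', 'Default_Page_URL', 'Search Page') {
            if ($p.$name) { "$key : $name = $($p.$name)" }
        }
    }
}

function Get-IESearchScopes {
    # One subkey per search provider; a hijacker registers its own GUID here
    # (the key JRT deleted later in this thread is one of these).
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $key = "$hive\Software\Microsoft\Internet Explorer\SearchScopes"
        if (-not (Test-Path $key)) { continue }
        Get-ChildItem -Path $key | ForEach-Object {
            $s = Get-ItemProperty -Path $_.PSPath
            "$($_.PSChildName) : $($s.DisplayName) -> $($s.URL)"
        }
    }
}

function Get-BrowserShortcutsWithArguments {
    # A shortcut that starts the browser with a URL argument overrides the
    # configured home page, so the Options dialog still shows Google while a
    # different page opens. Only shortcuts with a non-empty argument are listed.
    $shell = New-Object -ComObject WScript.Shell
    $roots = @("$env:USERPROFILE\Desktop", "$env:PUBLIC\Desktop",
               "$env:APPDATA\Microsoft\Windows\Start Menu",
               "$env:ProgramData\Microsoft\Windows\Start Menu",
               "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch")
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem -Path $root -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $lnk = $shell.CreateShortcut($_.FullName)
                if ($lnk.TargetPath -match 'firefox\.exe$|chrome\.exe$|iexplore\.exe$' -and $lnk.Arguments.Trim()) {
                    "$($_.FullName) -> $($lnk.TargetPath) $($lnk.Arguments)"
                }
            }
    }
}

function Get-FirefoxStartupPrefs {
    # prefs.js of every profile under the current user's roaming AppData.
    $profiles = "$env:APPDATA\Mozilla\Firefox\Profiles"
    if (-not (Test-Path $profiles)) { return }
    Get-ChildItem -Path $profiles -Filter prefs.js -Recurse |
        Select-String -Pattern 'browser\.startup\.homepage|keyword\.URL|browser\.search\.defaultenginename' |
        ForEach-Object { "$($_.Path) : $($_.Line)" }
}

function Get-ChromeStartupPrefs {
    # Chrome's Preferences file is JSON and PowerShell 2.0 has no JSON parser,
    # so just surface the lines that carry the home page and startup URLs.
    $pref = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Preferences"
    if (-not (Test-Path $pref)) { return }
    Select-String -Path $pref -Pattern '"homepage"|"startup_urls"|"default_search_provider"' |
        ForEach-Object { $_.Line.Trim() }
}

function Get-HostsEntries {
    # Any non-comment line here overrides DNS for that host name.
    Get-Content -Path "$env:SystemRoot\System32\drivers\etc\hosts" |
        Where-Object { $_ -match '^\s*[0-9a-fA-F:.]+\s+\S' }
}

function Get-DnsServers {
    # The resolvers each enabled adapter actually uses (DDS: "TCP: NameServer").
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE' |
        ForEach-Object { "$($_.Description) : $($_.DNSServerSearchOrder -join ', ')" }
}

'== IE start pages ==';                   Get-IEStartPages
'== IE search scopes ==';                 Get-IESearchScopes
'== Browser shortcuts with arguments =='; Get-BrowserShortcutsWithArguments
'== Firefox prefs.js ==';                 Get-FirefoxStartupPrefs
'== Chrome Preferences ==';               Get-ChromeStartupPrefs
'== hosts file ==';                       Get-HostsEntries
'== DNS servers ==';                      Get-DnsServers
```

A browser shortcut whose Arguments field carries a URL is one common way a hijacker keeps loading its page while the configured home page looks correct, which is why AdwCleaner has a separate [ Shortcuts ] section. The hosts file and the DNS server list are the two places that explain a single site being unreachable while everything else loads; the DDS log above already shows one hosts entry and the resolvers in use, so those lines can be compared directly.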


#2 TB-Psychotic (Malware Response Team)

Posted 15 November 2013 - 09:43 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you to. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days of this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also

 

 

 

Delete junk with JRT

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here to donate (no worries, every little bit helps).

#3 yogivarun (Topic Starter)

Posted 16 November 2013 - 01:22 AM

1. As advised, a scan was done through AdwCleaner and the results are as below:

 

# AdwCleaner v3.012 - Report created 15/11/2013 at 21:32:11
# Updated 11/11/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : atul - ATUL-PC
# Running from : C:\Users\atul\Downloads\adwcleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16520


-\\ Mozilla Firefox v20.0.1 (en-US)

[ File : C:\Users\atul\AppData\Roaming\Mozilla\Firefox\Profiles\5anmq0jj.default-1378837892967\prefs.js ]


[ File : C:\Users\sudha\AppData\Roaming\Mozilla\Firefox\Profiles\ngjy9r5z.default\prefs.js ]


-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\atul\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\sudha\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2209 octets] - [11/09/2013 22:49:38]
AdwCleaner[R1].txt - [1334 octets] - [23/09/2013 23:41:42]
AdwCleaner[R2].txt - [5213 octets] - [15/11/2013 17:59:35]
AdwCleaner[R3].txt - [1466 octets] - [15/11/2013 18:09:27]
AdwCleaner[R4].txt - [1589 octets] - [15/11/2013 21:31:11]
AdwCleaner[S0].txt - [1887 octets] - [11/09/2013 22:52:46]
AdwCleaner[S1].txt - [1397 octets] - [23/09/2013 23:43:34]
AdwCleaner[S2].txt - [5301 octets] - [15/11/2013 18:02:46]
AdwCleaner[S3].txt - [1527 octets] - [15/11/2013 18:11:05]
AdwCleaner[S4].txt - [1510 octets] - [15/11/2013 21:32:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1570 octets] ##########
 

2. By mistake, JRT was initially run without Administrator privileges, and the results were as below:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by atul on Fri 11/15/2013 at 21:40:31.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{188060FB-8808-4888-AFF7-C9845B054B4B}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\atul\appdata\local\cre"



~~~ FireFox

Emptied folder: C:\Users\atul\AppData\Roaming\mozilla\firefox\profiles\5anmq0jj.default-1378837892967\minidumps [24 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/15/2013 at 21:46:44.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

3. After realizing the mistake, JRT was run again as Administrator, and the results were as below:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by atul on Sat 11/16/2013 at 10:22:10.79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\atul\AppData\Roaming\mozilla\firefox\profiles\5anmq0jj.default-1378837892967\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/16/2013 at 10:30:32.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

4. However, I would now like to report that I am now able to access my home page, Google, through all 3 browsers.

5. Please advise further action, if any, to be taken now.

Thanks.
 




#4 yogivarun (Topic Starter)

Posted 16 November 2013 - 08:24 AM

I would just like to inform you that something strange is happening, since I am once again not able to access google.co.in (my homepage) through all my 3 browsers. Other websites are accessible.

Please advise further action to be taken.

Thanks.




#5 TB-Psychotic (Malware Response Team)

Posted 18 November 2013 - 03:23 AM

Scan with Farbar's Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.



#6 yogivarun (Topic Starter)

Posted 20 November 2013 - 11:59 AM

The required log is as below :

 

Farbar Service Scanner Version: 10-11-2013
Ran by atul (administrator) on 20-11-2013 at 22:23:51
Running from "C:\Users\atul\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Disabled. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

 

Please advise.

Thanks.


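An added example, not from the thread and not part of FSS: the FSS log above reduces to two kinds of check, the start type and state of a few protection services, and a handful of registry values that switch a component off by policy (here MpsSvc set to Disabled, EnableFirewall=0 in the StandardProfile key, and DisableAntiSpyware=1). The script below performs the same checks so they can be re-run after a repair, and with -Repair it puts back exactly those three settings. The expected start modes are assumed to be the Vista defaults; the policy key paths are the documented ones.

```powershell
# Added example, not from the thread or from FSS itself: the checks behind the
# FSS findings above, so they can be re-run after any repair. Run from an
# elevated PowerShell prompt. Without -Repair it only reports; with -Repair it
# puts back exactly the three settings FSS flagged on this machine. Expected
# start modes are assumed to be the Vista defaults.
param([switch]$Repair)

# Service name -> expected StartMode as reported by WMI (Boot/System/Auto/Manual/Disabled).
$expectedStart = @{
    'mpsdrv'    = 'Manual'   # Windows Firewall Authorization Driver
    'MpsSvc'    = 'Auto'     # Windows Firewall
    'BFE'       = 'Auto'     # Base Filtering Engine
    'WinDefend' = 'Auto'     # Windows Defender
    'wuauserv'  = 'Auto'     # Windows Update
    'wscsvc'    = 'Auto'     # Security Center
}

# Registry values that, when present with this data, switch a component off by
# policy. FSS reports the first and third of these as "Disabled Policy" sections.
$disablingPolicies = @(
    @{ Key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
       Name = 'EnableFirewall';     Bad = 0 },
    @{ Key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile'
       Name = 'EnableFirewall';     Bad = 0 },
    @{ Key  = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
       Name = 'DisableAntiSpyware'; Bad = 1 },
    @{ Key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
       Name = 'NoAutoUpdate';       Bad = 1 },
    @{ Key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
       Name = 'DisableSR';          Bad = 1 }
)

function Test-ServiceStartModes {
    foreach ($name in $expectedStart.Keys) {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        if (-not $svc) {
            # Kernel drivers such as mpsdrv live in Win32_SystemDriver instead.
            $svc = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='$name'"
        }
        if (-not $svc) { "$name : NOT FOUND"; continue }
        $note = ''
        if ($svc.StartMode -ne $expectedStart[$name]) { $note = "  <-- expected $($expectedStart[$name])" }
        "$name : StartMode=$($svc.StartMode) State=$($svc.State) Path=$($svc.PathName)$note"
    }
}

function Test-DisablingPolicies {
    foreach ($p in $disablingPolicies) {
        if (-not (Test-Path $p.Key)) { continue }
        $item = Get-ItemProperty -Path $p.Key
        $prop = $item.PSObject.Properties[$p.Name]
        if ($prop -and $prop.Value -eq $p.Bad) {
            "$($p.Key)\$($p.Name) = $($prop.Value)  <-- disabling policy present"
        }
    }
}

function Repair-ReportedFindings {
    # Only what the FSS log above showed: MpsSvc set to Disabled, the
    # StandardProfile EnableFirewall policy, and DisableAntiSpyware.
    Set-Service -Name MpsSvc -StartupType Automatic
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile' `
        -Name EnableFirewall -Value 1 -Type DWord
    Remove-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows Defender' -Name DisableAntiSpyware -ErrorAction SilentlyContinue
    Start-Service -Name MpsSvc -ErrorAction SilentlyContinue
    Start-Service -Name WinDefend -ErrorAction SilentlyContinue
}

'== Service start modes =='; Test-ServiceStartModes
'== Disabling policies ==';  Test-DisablingPolicies
if ($Repair) {
    Repair-ReportedFindings
    '== After repair: service start modes =='; Test-ServiceStartModes
    '== After repair: disabling policies ==';  Test-DisablingPolicies
}
```

One caveat before using -Repair: a third-party suite that registers its own firewall and anti-spyware with Security Center (McAfee on this machine) can leave the Windows Firewall service and Windows Defender switched off on purpose, so a disabling value by itself is not proof of tampering; compare with what the installed suite is documented to do, and do not re-enable two firewalls side by side. The second FSS log later in this thread, taken after the ESET services repair, no longer lists the firewall findings but still shows DisableAntiSpyware=1, which is what the report-only run of this script would print there.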


#7 TB-Psychotic (Malware Response Team)

Posted 21 November 2013 - 03:38 AM

ESET Services Repair

Download ESET services repair from here and save the file to your desktop.

Run it by right-clicking it and choosing "Run as administrator".

After the tool is finished, reboot and provide a new fss log.



#8 yogivarun (Topic Starter)

Posted 21 November 2013 - 04:09 AM

The new fss log is as below :

 

Farbar Service Scanner Version: 10-11-2013
Ran by atul (administrator) on 21-11-2013 at 14:36:33
Running from "C:\Users\atul\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****




#9 TB-Psychotic (Malware Response Team)

Posted 21 November 2013 - 06:07 AM

Windows Repair (all-in-one)

Please download Windows Repair (all in one) from here.

Install the program then run it.

Go to step 2 and allow it to run Disk check.


Once that is done then go to step 3 and allow it to run SFC by clicking Do it



On the Start Repairs tab, click Start.
Within the opening window, hit unselect all.
Check only the following:

  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Repair Windows Firewall
  • Repair Windows Updates

then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.

Let me know how that worked out for you.


Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#10 yogivarun

  • Topic Starter
  • Members
  • 55 posts
  • Location:India

Posted 21 November 2013 - 11:21 PM

This appears to be working. Google home page is restored in all the 3 browsers and I am getting all google services as usual.

I am extremely thankful for the prompt help given at the forum by you. I would further appreciate it if I could be informed of the steps I should take so as to ensure that my system continues uninfected.

Thanks a lot.




#11 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
Posted 22 November 2013 - 03:24 AM

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#12 yogivarun

  • Topic Starter
  • Members
  • 55 posts
  • Location:India

Posted 22 November 2013 - 09:04 AM

The requisite log is as below :

C:\AdwCleaner\Quarantine\C\Program Files\Mozilla Firefox\nsprotector.js.vir    Win32/Conduit.SearchProtect.A application
C:\AdwCleaner\Quarantine\C\Users\atul\AppData\Local\Temp\CT3306061\ieLogic.exe.vir    multiple threats



#13 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
Posted 22 November 2013 - 09:18 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.



#14 yogivarun

  • Topic Starter
  • Members
  • 55 posts
  • Location:India

Posted 22 November 2013 - 11:09 AM

1. The results of AdwCleaner are as below :

# AdwCleaner v3.012 - Report created 22/11/2013 at 21:23:25
# Updated 11/11/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : atul - ATUL-PC
# Running from : C:\Users\atul\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16520


-\\ Mozilla Firefox v20.0.1 (en-US)

[ File : C:\Users\atul\AppData\Roaming\Mozilla\Firefox\Profiles\5anmq0jj.default-1378837892967\prefs.js ]


[ File : C:\Users\sudha\AppData\Roaming\Mozilla\Firefox\Profiles\ngjy9r5z.default\prefs.js ]


-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\atul\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\sudha\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2209 octets] - [11/09/2013 22:49:38]
AdwCleaner[R1].txt - [1334 octets] - [23/09/2013 23:41:42]
AdwCleaner[R2].txt - [5213 octets] - [15/11/2013 17:59:35]
AdwCleaner[R3].txt - [1466 octets] - [15/11/2013 18:09:27]
AdwCleaner[R4].txt - [1589 octets] - [15/11/2013 21:31:11]
AdwCleaner[R5].txt - [1703 octets] - [22/11/2013 21:21:36]
AdwCleaner[S0].txt - [1887 octets] - [11/09/2013 22:52:46]
AdwCleaner[S1].txt - [1397 octets] - [23/09/2013 23:43:34]
AdwCleaner[S2].txt - [5301 octets] - [15/11/2013 18:02:46]
AdwCleaner[S3].txt - [1527 octets] - [15/11/2013 18:11:05]
AdwCleaner[S4].txt - [1650 octets] - [15/11/2013 21:32:11]
AdwCleaner[S5].txt - [1624 octets] - [22/11/2013 21:23:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1684 octets] ##########

2. The results of Security Check Scan as below :

 Results of screen317's Security Check version 0.99.77  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Secunia PSI (3.0.0.7011)   
 CCleaner     
 Java 7 Update 45  
 Adobe Flash Player     11.9.900.117  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox 20.0.1 Firefox out of Date!  
 Google Chrome 30.0.1599.101  
 Google Chrome 31.0.1650.57  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSASCui.exe
 Windows Defender MSASCui.exe   
 McAfee Online Backup MOBKbackup.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 6 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

3. Thanks.


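AdwCleaner's report above lists the Firefox prefs.js and Chrome Preferences files it inspected for each user profile. As an added example (not AdwCleaner's code, and not from any poster), the following audits those two file formats offline and flags every home page, start-up URL or search-provider URL whose host is not on a short allow-list. Both inputs are constructed samples in the shape of the real files; the Chrome key names (homepage, session.startup_urls, default_search_provider.search_url) are assumed from the layout of that era's Preferences file, and search.conduit.com stands in for whatever host a hijacker actually wrote.

```python
"""Offline audit of Firefox prefs.js and Chrome Preferences for hijacked URLs.

Added example, not AdwCleaner's code. Both inputs below are constructed
samples in the shape of the real files; the Chrome key names are assumed.
"""
import json
import re
from urllib.parse import urlparse

# Hosts the user actually chose. Anything else in a home/search setting is flagged.
ALLOWED_HOSTS = {"www.google.com", "www.google.co.in", "google.co.in"}

# Firefox string preferences hijackers rewrite; the homepage may hold 'url1|url2'.
FIREFOX_URL_PREFS = (
    "browser.startup.homepage",
    "browser.newtab.url",
    "keyword.URL",
    "browser.search.defaulturl",
)

# Matches string-valued user_pref("name", "value"); non-string prefs are ignored.
_PREF_LINE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)+)",\s*"((?:[^"\\]|\\.)*)"\);')


def parse_prefs_js(text):
    """Return {name: value} for every string-valued user_pref() line."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_LINE.match(line)
        if m:
            prefs[m.group(1)] = re.sub(r"\\(.)", r"\1", m.group(2))  # drop JS escapes
    return prefs


def host_of(url):
    """Lower-cased host of a URL; bare hosts without a scheme are accepted too."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


def flag(setting, urls):
    """Yield (setting, url, host) for each URL whose host is not allow-listed."""
    for url in urls:
        url = url.strip()
        if not url:
            continue
        host = host_of(url)
        if host not in ALLOWED_HOSTS:
            yield (setting, url, host)


def audit_firefox(prefs):
    findings = []
    for name in FIREFOX_URL_PREFS:
        if name in prefs:
            findings.extend(flag(name, prefs[name].split("|")))
    return findings


def audit_chrome(preferences):
    """preferences: the parsed Chrome 'Preferences' JSON object (key names assumed)."""
    findings = list(flag("homepage", [preferences.get("homepage", "")]))
    startup = preferences.get("session", {}).get("startup_urls", [])
    findings.extend(flag("session.startup_urls", startup))
    search_url = preferences.get("default_search_provider", {}).get("search_url", "")
    findings.extend(flag("default_search_provider.search_url", [search_url]))
    return findings


def audit(prefs_js_text, chrome_json_text):
    return {
        "firefox": audit_firefox(parse_prefs_js(prefs_js_text)),
        "chrome": audit_chrome(json.loads(chrome_json_text)),
    }


# Constructed sample prefs.js: one hijacked homepage entry next to a legitimate one.
SAMPLE_PREFS_JS = r'''# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://search.conduit.com/?ctid=CT0000000|http://www.google.co.in/");
user_pref("browser.startup.homepage_override.mstone", "20.0.1");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT0000000&q=");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.tabs.warnOnClose", false);
'''

# Constructed sample Chrome Preferences (only the keys this audit reads).
SAMPLE_CHROME_JSON = json.dumps({
    "homepage": "http://www.google.co.in/",
    "homepage_is_newtabpage": False,
    "session": {"restore_on_startup": 4,
                "startup_urls": ["http://search.conduit.com/?ctid=CT0000000"]},
    "default_search_provider": {"enabled": True, "name": "Search",
                                "search_url": "http://search.conduit.com/Results.aspx?q={searchTerms}"},
})

if __name__ == "__main__":
    for browser, findings in audit(SAMPLE_PREFS_JS, SAMPLE_CHROME_JSON).items():
        for setting, url, host in findings:
            print(f"{browser}: {setting} -> {url} (host {host} not allowed)")
```

For Internet Explorer the equivalent value is Start Page under HKCU\Software\Microsoft\Internet Explorer\Main, which has to be read on the machine itself. A clean on-disk result does not close the case: the ESET log earlier in this thread identifies nsprotector.js in the Firefox program directory as Win32/Conduit.SearchProtect.A, a component whose job is to put the chosen search settings back whenever they are changed, which is consistent with the poster seeing Google in the options dialog while the browsers kept opening Conduit.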


#15 yogivarun

  • Topic Starter
  • Members
  • 55 posts
  • Location:India

Posted 22 November 2013 - 11:40 AM

I just noted and wish to inform that :

1. The Mozilla version I am using is the latest available, i.e. 25.0.1, and I do not know why the Security Check scan shows it to be 20.0.1

2. My Adobe Reader version is 10.1.8 which is indeed the latest one.

Thx.






