
gumdrop

Honorary Members · Posts: 57 · Reputation: 0 Neutral
  1. Thanks so much for the help. Very fast and understandable instructions. A great service.

  2. Boot-up has slowed some, but that is the only problem. Should I delete C:\_OLT\Moved Files, and is there any other cleanup to do? Avira didn't see the virus; do you think any of the antivirus programs would have picked up the trojan before we were infected? This trojan came from opening a film review on the web. Is there any safe way of checking unknown websites prior to opening them? Again, thanks for the support.
  3. Hi. Avira, with no request from us, flagged up and quarantined C:\System Volume Information\_restore{A90..... ..... 71B}\RP2\A0000039.exe (TR/Kazy.134631.1) this morning.
  4. I started a thread in Avira forums asking why Avira did not notice the trojan when real-time protection was running, and received the following from Malwarebytes:

     "Also can you please go to C:\_OTL\MovedFiles and right click on the folder, select send to compressed (zip) folder; that will make a zipped copy of this folder. Then please upload it to http://www.bleepingcomputer.com/submit-m…php?channel=122 so we can examine the files and submit to antivirus companies if needed. After that please delete the zip files you just created. Regards, Georgi"

     I have submitted the file as requested. Yesterday, when running a full scan of the system with MBAM, Avira found TR/Kazy.134631.1 in the OLT folder. Windows Security Centre is now working OK, with firewall, updates and internet all working. I will reboot a few times to see if startup improves; it is running slower than prior to the infection. Many thanks for your help, and I look forward to getting your next posting. I
  5. Farbar Service Scanner Version: 05-01-2013
     Ran by Administrator (administrator) on 12-01-2013 at 23:06:02
     Running from "C:\Documents and Settings\Administrator\Desktop"
     Microsoft Windows XP Service Pack 3 (X86)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============

     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Attempt to access Google IP returned error. Google IP is offline
     Google.com is accessible.
     Yahoo IP is accessible.
     Yahoo.com is accessible.

     Windows Firewall:
     =============
     sharedaccess Service is not running. Checking service configuration:
     The start type of sharedaccess service is OK.
     The ImagePath of sharedaccess service is OK.
     The ServiceDll of sharedaccess service is OK.

     winmgmt Service is not running. Checking service configuration:
     The start type of winmgmt service is OK.
     The ImagePath of winmgmt service is OK.
     The ServiceDll of winmgmt service is OK.

     Firewall Disabled Policy:
     ==================
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     "EnableFirewall"=DWORD:0

     System Restore:
     ============

     System Restore Disabled Policy:
     ========================

     Security Center:
     ============
     wscsvc Service is not running. Checking service configuration:
     The start type of wscsvc service is OK.
     The ImagePath of wscsvc service is OK.
     The ServiceDll of wscsvc service is OK.

     winmgmt Service is not running. Checking service configuration:
     The start type of winmgmt service is OK.
     The ImagePath of winmgmt service is OK.
     The ServiceDll of winmgmt service is OK.

     Windows Update:
     ============

     Windows Autoupdate Disabled Policy:
     ============================

     File Check:
     ========
     C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
     C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
     C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
     C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
     C:\WINDOWS\system32\netman.dll => MD5 is legit
     C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\WINDOWS\system32\srsvc.dll => MD5 is legit
     C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
     C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
     C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
     C:\WINDOWS\system32\qmgr.dll => MD5 is legit
     C:\WINDOWS\system32\es.dll => MD5 is legit
     C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
     C:\WINDOWS\system32\svchost.exe => MD5 is legit
     C:\WINDOWS\system32\rpcss.dll => MD5 is legit
     C:\WINDOWS\system32\services.exe => MD5 is legit

     Extra List:
     =======
     Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
     0x0B00000005000000010000000200000003000000040000000800000056000000070000000A0000000B00000006000000
     IpSec Tag value is correct.

     **** End of log ****
  6. As noted previously, we have lost Security Centre.
  7. I hope by posting you meant this; let me know if I got it wrong.
     Results of screen317's Security Check version 0.99.56
     Windows XP Service Pack 3 x86
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Security Center service is not running! This report may not be accurate!
     WMI entry may not exist for antivirus; attempting automatic update.
     Avira successfully updated!
     `````````Anti-malware/Other Utilities Check:`````````
     SpywareBlaster 4.6
     Spybot - Search & Destroy
     Secunia PSI (3.0.0.6001)
     Malwarebytes Anti-Malware version 1.70.0.1100
     CCleaner
     Panda Cloud Cleaner
     Java 7 Update 10
     Java version out of Date!
     Adobe Flash Player 11.5.502.146
     Adobe Reader XI
     Mozilla Firefox (18.0)
     Mozilla Thunderbird (17.0.)
     ````````Process Check: objlist.exe by Laurent````````
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 5%
     ````````````````````End of Log``````````````````````
  8. # AdwCleaner v2.105 - Logfile created 01/12/2013 at 20:01:29
     # Updated 08/01/2013 by Xplode
     # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
     # User : Administrator - DELL
     # Boot Mode : Normal
     # Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
     # Option [Delete]

     ***** [services] *****

     ***** [Files / Folders] *****

     File Deleted : C:\user.js
     Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g54frmr5.default\extensions\staged
     Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\ConduitCommon
     Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit

     ***** [Registry] *****

     Key Deleted : HKCU\Software\Headlight
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
     Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
     Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
     Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3015261
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

     ***** [internet Browsers] *****

     -\\ Internet Explorer v8.0.6001.18702

     [OK] Registry is clean.

     -\\ Mozilla Firefox v18.0 (en-US)

     File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g54frmr5.default\prefs.js

     C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g54frmr5.default\user.js ... Deleted !

     [OK] File is clean.

     File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\prefs.js

     C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\user.js ... Deleted !

     Deleted : user_pref("CT2645238..clientLogIsEnabled", false);
     Deleted : user_pref("CT2645238..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
     Deleted : user_pref("CT2645238..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
     Deleted : user_pref("CT2645238.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
     Deleted : user_pref("CT2645238.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
     Deleted : user_pref("CT2645238.CTID", "CT2645238");
     Deleted : user_pref("CT2645238.CurrentServerDate", "6-8-2012");
     Deleted : user_pref("CT2645238.DSInstall", false);
     Deleted : user_pref("CT2645238.DialogsAlignMode", "LTR");
     Deleted : user_pref("CT2645238.DialogsGetterLastCheckTime", "Mon Aug 06 2012 07:00:20 GMT+0100 (GMT Daylight T[...]
     Deleted : user_pref("CT2645238.DownloadReferralCookieData", "");
     Deleted : user_pref("CT2645238.EMailNotifierPollDate", "Sat Jun 23 2012 10:51:02 GMT+0100 (GMT Daylight Time)"[...]
     Deleted : user_pref("CT2645238.FirstServerDate", "22-6-2012");
     Deleted : user_pref("CT2645238.FirstTime", true);
     Deleted : user_pref("CT2645238.FirstTimeFF3", true);
     Deleted : user_pref("CT2645238.FixPageNotFoundErrors", true);
     Deleted : user_pref("CT2645238.GroupingServerCheckInterval", 1440);
     Deleted : user_pref("CT2645238.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
     Deleted : user_pref("CT2645238.HPInstall", false);
     Deleted : user_pref("CT2645238.HasUserGlobalKeys", true);
     Deleted : user_pref("CT2645238.HomePageProtectorEnabled", false);
     Deleted : user_pref("CT2645238.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
     Deleted : user_pref("CT2645238.Initialize", true);
     Deleted : user_pref("CT2645238.InitializeCommonPrefs", true);
     Deleted : user_pref("CT2645238.InstallationAndCookieDataSentCount", 3);
     Deleted : user_pref("CT2645238.InstallationId", "ct2645238_zonealarm_security.exe");
     Deleted : user_pref("CT2645238.InstallationType", "ConduitXPEIntegration");
     Deleted : user_pref("CT2645238.InstalledDate", "Fri Jun 22 2012 12:59:12 GMT+0100 (GMT Daylight Time)");
     Deleted : user_pref("CT2645238.IsAlertDBUpdated", true);
     Deleted : user_pref("CT2645238.IsGrouping", false);
     Deleted : user_pref("CT2645238.IsInitSetupIni", true);
     Deleted : user_pref("CT2645238.IsMulticommunity", false);
     Deleted : user_pref("CT2645238.IsOpenThankYouPage", false);
     Deleted : user_pref("CT2645238.IsOpenUninstallPage", false);
     Deleted : user_pref("CT2645238.LanguagePackLastCheckTime", "Sun Aug 05 2012 10:11:02 GMT+0100 (GMT Daylight Ti[...]
     Deleted : user_pref("CT2645238.LanguagePackReloadIntervalMM", 1440);
     Deleted : user_pref("CT2645238.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
     Deleted : user_pref("CT2645238.LastLogin_3.13.0.6", "Mon Jul 16 2012 06:32:58 GMT+0100 (GMT Daylight Time)");
     Deleted : user_pref("CT2645238.LastLogin_3.14.1.0", "Mon Aug 06 2012 06:48:37 GMT+0100 (GMT Daylight Time)");
     Deleted : user_pref("CT2645238.LastLogin_3.9.0.3", "Sat Jun 23 2012 06:44:56 GMT+0100 (GMT Daylight Time)");
     Deleted : user_pref("CT2645238.LatestVersion", "3.14.1.0");
     Deleted : user_pref("CT2645238.Locale", "en");
     Deleted : user_pref("CT2645238.MCDetectTooltipHeight", "83");
     Deleted : user_pref("CT2645238.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
     Deleted : user_pref("CT2645238.MCDetectTooltipWidth", "295");
     Deleted : user_pref("CT2645238.MyStuffEnabledAtInstallation", true);
     Deleted : user_pref("CT2645238.OriginalFirstVersion", "3.9.0.3");
     Deleted : user_pref("CT2645238.SearchCaption", "ZoneAlarm Security Customized Web Search");
     Deleted : user_pref("CT2645238.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
     Deleted : user_pref("CT2645238.SearchFromAddressBarIsInit", true);
     Deleted : user_pref("CT2645238.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT264[...]
     Deleted : user_pref("CT2645238.SearchInNewTabEnabled", true);
     Deleted : user_pref("CT2645238.SearchInNewTabIntervalMM", 1440);
     Deleted : user_pref("CT2645238.SearchInNewTabLastCheckTime", "Sun Aug 05 2012 10:11:02 GMT+0100 (GMT Daylight [...]
     Deleted : user_pref("CT2645238.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
     Deleted : user_pref("CT2645238.SearchProtectorEnabled", false);
     Deleted : user_pref("CT2645238.SearchProtectorToolbarDisabled", true);
     Deleted : user_pref("CT2645238.SendProtectorDataViaLogin", true);
     Deleted : user_pref("CT2645238.ServiceMapLastCheckTime", "Sun Aug 05 2012 10:11:02 GMT+0100 (GMT Daylight Time[...]
     Deleted : user_pref("CT2645238.SettingsLastCheckTime", "Mon Aug 06 2012 06:48:36 GMT+0100 (GMT Daylight Time)"[...]
     Deleted : user_pref("CT2645238.SettingsLastUpdate", "1342353030");
     Deleted : user_pref("CT2645238.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2645238&SearchSource=13");
     Deleted : user_pref("CT2645238.ThirdPartyComponentsInterval", 504);
     Deleted : user_pref("CT2645238.ThirdPartyComponentsLastCheck", "Sat Jun 23 2012 07:37:29 GMT+0100 (GMT Dayligh[...]
     Deleted : user_pref("CT2645238.ThirdPartyComponentsLastUpdate", "1331805997");
     Deleted : user_pref("CT2645238.ToolbarDisabled", true);
     Deleted : user_pref("CT2645238.ToolbarShrinkedFromSetup", false);
     Deleted : user_pref("CT2645238.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2645238");
     Deleted : user_pref("CT2645238.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
     Deleted : user_pref("CT2645238.UserID", "UN41505695258218955");
     Deleted : user_pref("CT2645238.ValidationData_Search", 0);
     Deleted : user_pref("CT2645238.ValidationData_Toolbar", 2);
     Deleted : user_pref("CT2645238.alertChannelId", "1037922");
     Deleted : user_pref("CT2645238.autoDisableScopes", -1);
     Deleted : user_pref("CT2645238.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
     Deleted : user_pref("CT2645238.globalFirstTimeInfoLastCheckTime", "Fri Jun 22 2012 12:59:13 GMT+0100 (GMT Dayl[...]
     Deleted : user_pref("CT2645238.homepageProtectorEnableByLogin", true);
     Deleted : user_pref("CT2645238.initDone", true);
     Deleted : user_pref("CT2645238.isAppTrackingManagerOn", true);
     Deleted : user_pref("CT2645238.myStuffEnabled", true);
     Deleted : user_pref("CT2645238.myStuffPublihserMinWidth", 400);
     Deleted : user_pref("CT2645238.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
     Deleted : user_pref("CT2645238.myStuffServiceIntervalMM", 1440);
     Deleted : user_pref("CT2645238.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
     Deleted : user_pref("CT2645238.revertSettingsEnabled", true);
     Deleted : user_pref("CT2645238.searchProtectorDialogDelayInSec", 10);
     Deleted : user_pref("CT2645238.searchProtectorEnableByLogin", true);
     Deleted : user_pref("CT2645238.testingCtid", "");
     Deleted : user_pref("CT2645238.toolbarAppMetaDataLastCheckTime", "Sun Aug 05 2012 10:11:03 GMT+0100 (GMT Dayli[...]
     Deleted : user_pref("CT2645238.toolbarContextMenuLastCheckTime", "Fri Jun 22 2012 12:59:16 GMT+0100 (GMT Dayli[...]
     Deleted : user_pref("CT2645238.usagesFlag", 2);
     Deleted : user_pref("CT3015261..clientLogIsEnabled", true);
     Deleted : user_pref("CT3015261..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
     Deleted : user_pref("CT3015261..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
     Deleted : user_pref("CT3015261.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
     Deleted : user_pref("CT3015261.AppTrackingLastCheckTime", "Sat Aug 06 2011 10:09:59 GMT+0100 (GMT Daylight Tim[...]
     Deleted : user_pref("CT3015261.CTID", "CT3015261");
     Deleted : user_pref("CT3015261.CurrentServerDate", "7-8-2011");
     Deleted : user_pref("CT3015261.DialogsAlignMode", "LTR");
     Deleted : user_pref("CT3015261.DialogsGetterLastCheckTime", "Sat Aug 06 2011 10:09:49 GMT+0100 (GMT Daylight T[...]
     Deleted : user_pref("CT3015261.DownloadReferralCookieData", "");
     Deleted : user_pref("CT3015261.EMailNotifierPollDate", "Sat Aug 06 2011 11:01:41 GMT+0100 (GMT Daylight Time)"[...]
     Deleted : user_pref("CT3015261.FirstServerDate", "6-8-2011");
     Deleted : user_pref("CT3015261.FirstTime", true);
     Deleted : user_pref("CT3015261.FirstTimeFF3", true);
     Deleted : user_pref("CT3015261.FixPageNotFoundErrors", true);
     Deleted : user_pref("CT3015261.GroupingServerCheckInterval", 1440);
     Deleted : user_pref("CT3015261.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
     Deleted : user_pref("CT3015261.HasUserGlobalKeys", true);
     Deleted : user_pref("CT3015261.HomePageProtectorEnabled", false);
     Deleted : user_pref("CT3015261.Initialize", true);
     Deleted : user_pref("CT3015261.InitializeCommonPrefs", true);
     Deleted : user_pref("CT3015261.InstallationAndCookieDataSentCount", 3);
     Deleted : user_pref("CT3015261.InstallationId", "CT3015261_ZoneAlarm_Security_Suite.exe");
     Deleted : user_pref("CT3015261.InstallationType", "ConduitIntegration");
     Deleted : user_pref("CT3015261.InstalledDate", "Sat Aug 06 2011 10:09:49 GMT+0100 (GMT Daylight Time)");
     Deleted : user_pref("CT3015261.IsAlertDBUpdated", true);
     Deleted : user_pref("CT3015261.IsGrouping", false);
     Deleted : user_pref("CT3015261.IsInitSetupIni", true);
     Deleted : user_pref("CT3015261.IsMulticommunity", false);
     Deleted : user_pref("CT3015261.IsOpenThankYouPage", false);
     Deleted : user_pref("CT3015261.IsOpenUninstallPage", false);
     Deleted : user_pref("CT3015261.LanguagePackLastCheckTime", "Sat Aug 06 2011 10:09:51 GMT+0100 (GMT Daylight Ti[...]
     Deleted : user_pref("CT3015261.LanguagePackReloadIntervalMM", 1440);
     Deleted : user_pref("CT3015261.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
     Deleted : user_pref("CT3015261.LastLogin_3.5.1.1", "Sun Aug 07 2011 06:51:04 GMT+0100 (GMT Daylight Time)");
     Deleted : user_pref("CT3015261.LatestVersion", "3.3.5.1");
     Deleted : user_pref("CT3015261.Locale", "en");
     Deleted : user_pref("CT3015261.MCDetectTooltipHeight", "83");
     Deleted : user_pref("CT3015261.MCDetectTooltipShow", false);
     Deleted : user_pref("CT3015261.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
     Deleted : user_pref("CT3015261.MCDetectTooltipWidth", "295");
     Deleted : user_pref("CT3015261.MyStuffEnabledAtInstallation", false);
     Deleted : user_pref("CT3015261.OriginalFirstVersion", "3.5.1.1");
     Deleted : user_pref("CT3015261.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
     Deleted : user_pref("CT3015261.SearchFromAddressBarIsInit", true);
     Deleted : user_pref("CT3015261.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT301[...]
     Deleted : user_pref("CT3015261.SearchInNewTabEnabled", true);
     Deleted : user_pref("CT3015261.SearchInNewTabIntervalMM", 1440);
     Deleted : user_pref("CT3015261.SearchInNewTabLastCheckTime", "Sat Aug 06 2011 10:09:51 GMT+0100 (GMT Daylight [...]
     Deleted : user_pref("CT3015261.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
     Deleted : user_pref("CT3015261.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
     Deleted : user_pref("CT3015261.SearchProtectorEnabled", false);
     Deleted : user_pref("CT3015261.SearchProtectorToolbarDisabled", true);
     Deleted : user_pref("CT3015261.ServiceMapLastCheckTime", "Sat Aug 06 2011 10:09:47 GMT+0100 (GMT Daylight Time[...]
     Deleted : user_pref("CT3015261.SettingsLastCheckTime", "Sun Aug 07 2011 06:51:02 GMT+0100 (GMT Daylight Time)"[...]
     Deleted : user_pref("CT3015261.SettingsLastUpdate", "1311168858");
     Deleted : user_pref("CT3015261.ThirdPartyComponentsInterval", 504);
     Deleted : user_pref("CT3015261.ThirdPartyComponentsLastCheck", "Sat Aug 06 2011 10:09:47 GMT+0100 (GMT Dayligh[...]
     Deleted : user_pref("CT3015261.ThirdPartyComponentsLastUpdate", "1246786978");
     Deleted : user_pref("CT3015261.ToolbarShrinkedFromSetup", false);
     Deleted : user_pref("CT3015261.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3015261");
     Deleted : user_pref("CT3015261.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
     Deleted : user_pref("CT3015261.UserID", "UN29909517275356115");
     Deleted : user_pref("CT3015261.ValidationData_Search", 2);
     Deleted : user_pref("CT3015261.ValidationData_Toolbar", 2);
     Deleted : user_pref("CT3015261.alertChannelId", "1406927");
     Deleted : user_pref("CT3015261.approveUntrustedApps", true);
     Deleted : user_pref("CT3015261.backendstorage.youtube_user_first_login_date", "30382F30372F32303131");
     Deleted : user_pref("CT3015261.backendstorage.youtube_user_survey_visit", "4E4F545F56495349544544");
     Deleted : user_pref("CT3015261.backendstorage.youtubelang", "5553");
     Deleted : user_pref("CT3015261.components.1000034", false);
     Deleted : user_pref("CT3015261.components.129506578327572375", false);
     Deleted : user_pref("CT3015261.components.129506578328099741", false);
     Deleted : user_pref("CT3015261.components.129506578328177870", false);
     Deleted : user_pref("CT3015261.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
     Deleted : user_pref("CT3015261.globalFirstTimeInfoLastCheckTime", "Sun Aug 07 2011 06:51:04 GMT+0100 (GMT Dayl[...]
     Deleted : user_pref("CT3015261.homepageProtectorEnableByLogin", true);
     Deleted : user_pref("CT3015261.initDone", true);
     Deleted : user_pref("CT3015261.isAppTrackingManagerOn", true);
     Deleted : user_pref("CT3015261.myStuffEnabled", true);
     Deleted : user_pref("CT3015261.myStuffPublihserMinWidth", 400);
     Deleted : user_pref("CT3015261.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
     Deleted : user_pref("CT3015261.myStuffServiceIntervalMM", 1440);
     Deleted : user_pref("CT3015261.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
     Deleted : user_pref("CT3015261.oldAppsList", "129506578324945315,129506578325335957,111,129506578326068408,129[...]
     Deleted : user_pref("CT3015261.searchProtectorDialogDelayInSec", 10);
     Deleted : user_pref("CT3015261.searchProtectorEnableByLogin", true);
     Deleted : user_pref("CT3015261.testingCtid", "");
     Deleted : user_pref("CT3015261.toolbarAppMetaDataLastCheckTime", "Sat Aug 06 2011 10:09:49 GMT+0100 (GMT Dayli[...]
     Deleted : user_pref("CT3015261.toolbarContextMenuLastCheckTime", "Sat Aug 06 2011 10:09:51 GMT+0100 (GMT Dayli[...]
     Deleted : user_pref("CT3015261.usagesFlag", 2);
     Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2645238/CT2645238[...]
     Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1037922/1033633/UK", "\"0\"[...]
     Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1406927/1402585/UK", "\"0\"[...]
     Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2645238", [...]
     Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3015261", [...]
     Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
     Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
     Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
     Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
     Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
     Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
     Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
     Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
     Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
     Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2645238",[...]
     Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3015261",[...]
     Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3015261&octid=[...]
     Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/38/264/CT2645238/Images/6340849608501725[...]
     Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/61/301/CT3015261/Images/6340849608501725[...]
     Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
     Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"504[...]
     Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Administrator\\App[...]
     Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
     Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
     Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3015261,CT2645238");
     Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3015261,CT2645238");
     Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3015261,CT2645238");
     Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Aug 06 2011 10:09:52 GMT+0100 (GMT[...]
     Deleted : user_pref("CommunityToolbar.globalUserId", "a29860f5-c187-4efc-91d4-fe8b2af9f40f");
     Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
     Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
     Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3015261");
     Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Jun 22 2012 12:59:1[...]
     Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
     Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Jun 22 2012 14:05:35 GMT+010[...]
     Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
     Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
     Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
     Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jun 22 2012 12:59:08 GMT+0100 (G[...]
     Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
     Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
     Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
     Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
     Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
     Deleted : user_pref("CommunityToolbar.notifications.userId", "50271d6e-f331-4238-b586-bfb3d8314667");
     Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
     Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]

     *************************

     AdwCleaner[R1].txt - [22939 octets] - [12/01/2013 18:11:17]
     AdwCleaner[R2].txt - [23000 octets] - [12/01/2013 20:00:28]
     AdwCleaner[R3].txt - [23061 octets] - [12/01/2013 20:01:00]
     AdwCleaner[s1].txt - [23626 octets] - [12/01/2013 20:01:29]

     ########## EOF - C:\AdwCleaner[s1].txt - [23687 octets] ##########
  9. No, we should delete if it's best; I'm just blind to the consequences. What should I do next?
  10. I am a little lost here. Are we deleting Firefox profiles or elements within the profiles? Are some of these bookmarks? What may occur once the items are deleted?
      # AdwCleaner v2.105 - Logfile created 01/12/2013 at 18:11:17
      # Updated 08/01/2013 by Xplode
      # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
      # User : Administrator - DELL
      # Boot Mode : Normal
      # Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
      # Option [search]

      ***** [services] *****

      ***** [Files / Folders] *****

      File Found : C:\user.js
      Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g54frmr5.default\extensions\staged
      Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\ConduitCommon
      Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit

      ***** [Registry] *****

      Key Found : HKCU\Software\Headlight
      Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
      Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
      Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
      Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
      Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
      Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
      Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
      Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
      Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
      Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
      Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
      Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
      Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
      Key Found : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
      Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3015261
      Key Found : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
      Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
      Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
      Key Found : HKU\S-1-5-21-1409082233-308236825-682003330-500\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

      ***** [internet Browsers] *****

      -\\ Internet Explorer v8.0.6001.18702

      [OK] Registry is clean.

      -\\ Mozilla Firefox v18.0 (en-US)

      File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g54frmr5.default\prefs.js

      [OK] File is clean.

      File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\prefs.js

      Found : user_pref("CT2645238..clientLogIsEnabled", false);
      Found : user_pref("CT2645238..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
      Found : user_pref("CT2645238..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
      Found : user_pref("CT2645238.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
      Found : user_pref("CT2645238.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
      Found : user_pref("CT2645238.CTID", "CT2645238");
      Found : user_pref("CT2645238.CurrentServerDate", "6-8-2012");
      Found : user_pref("CT2645238.DSInstall", false);
      Found : user_pref("CT2645238.DialogsAlignMode", "LTR");
      Found : user_pref("CT2645238.DialogsGetterLastCheckTime", "Mon Aug 06 2012 07:00:20 GMT+0100 (GMT Daylight T[...]
      Found : user_pref("CT2645238.DownloadReferralCookieData", "");
      Found : user_pref("CT2645238.EMailNotifierPollDate", "Sat Jun 23 2012 10:51:02 GMT+0100 (GMT Daylight Time)"[...]
      Found : user_pref("CT2645238.FirstServerDate", "22-6-2012");
      Found : user_pref("CT2645238.FirstTime", true);
      Found : user_pref("CT2645238.FirstTimeFF3", true);
      Found : user_pref("CT2645238.FixPageNotFoundErrors", true);
      Found : user_pref("CT2645238.GroupingServerCheckInterval", 1440);
      Found : user_pref("CT2645238.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
      Found : user_pref("CT2645238.HPInstall", false);
      Found : user_pref("CT2645238.HasUserGlobalKeys", true);
      Found : user_pref("CT2645238.HomePageProtectorEnabled", false);
      Found : user_pref("CT2645238.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
      Found : user_pref("CT2645238.Initialize", true);
      Found : user_pref("CT2645238.InitializeCommonPrefs", true);
      Found : user_pref("CT2645238.InstallationAndCookieDataSentCount", 3);
      Found : user_pref("CT2645238.InstallationId", "ct2645238_zonealarm_security.exe");
      Found : user_pref("CT2645238.InstallationType", "ConduitXPEIntegration");
      Found : user_pref("CT2645238.InstalledDate", "Fri Jun 22 2012 12:59:12 GMT+0100 (GMT Daylight Time)");
      Found : user_pref("CT2645238.IsAlertDBUpdated", true);
      Found : user_pref("CT2645238.IsGrouping", false);
      Found : user_pref("CT2645238.IsInitSetupIni", true);
      Found : user_pref("CT2645238.IsMulticommunity", false);
      Found : user_pref("CT2645238.IsOpenThankYouPage", false);
      Found : user_pref("CT2645238.IsOpenUninstallPage", false);
      Found : user_pref("CT2645238.LanguagePackLastCheckTime", "Sun Aug 05 2012 10:11:02 GMT+0100 (GMT Daylight Ti[...]
      Found : user_pref("CT2645238.LanguagePackReloadIntervalMM", 1440);
      Found : user_pref("CT2645238.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2645238.LastLogin_3.13.0.6", "Mon Jul 16 2012 06:32:58 GMT+0100 (GMT Daylight Time)"); Found : user_pref("CT2645238.LastLogin_3.14.1.0", "Mon Aug 06 2012 06:48:37 GMT+0100 (GMT Daylight Time)"); Found : user_pref("CT2645238.LastLogin_3.9.0.3", "Sat Jun 23 2012 06:44:56 GMT+0100 (GMT Daylight Time)"); Found : user_pref("CT2645238.LatestVersion", "3.14.1.0"); Found : user_pref("CT2645238.Locale", "en"); Found : user_pref("CT2645238.MCDetectTooltipHeight", "83"); Found : user_pref("CT2645238.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT2645238.MCDetectTooltipWidth", "295"); Found : user_pref("CT2645238.MyStuffEnabledAtInstallation", true); Found : user_pref("CT2645238.OriginalFirstVersion", "3.9.0.3"); Found : user_pref("CT2645238.SearchCaption", "ZoneAlarm Security Customized Web Search"); Found : user_pref("CT2645238.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties"); Found : user_pref("CT2645238.SearchFromAddressBarIsInit", true); Found : user_pref("CT2645238.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT264[...] Found : user_pref("CT2645238.SearchInNewTabEnabled", true); Found : user_pref("CT2645238.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT2645238.SearchInNewTabLastCheckTime", "Sun Aug 05 2012 10:11:02 GMT+0100 (GMT Daylight [...] Found : user_pref("CT2645238.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Found : user_pref("CT2645238.SearchProtectorEnabled", false); Found : user_pref("CT2645238.SearchProtectorToolbarDisabled", true); Found : user_pref("CT2645238.SendProtectorDataViaLogin", true); Found : user_pref("CT2645238.ServiceMapLastCheckTime", "Sun Aug 05 2012 10:11:02 GMT+0100 (GMT Daylight Time[...] Found : user_pref("CT2645238.SettingsLastCheckTime", "Mon Aug 06 2012 06:48:36 GMT+0100 (GMT Daylight Time)"[...] 
Found : user_pref("CT2645238.SettingsLastUpdate", "1342353030"); Found : user_pref("CT2645238.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2645238&SearchSource=13"); Found : user_pref("CT2645238.ThirdPartyComponentsInterval", 504); Found : user_pref("CT2645238.ThirdPartyComponentsLastCheck", "Sat Jun 23 2012 07:37:29 GMT+0100 (GMT Dayligh[...] Found : user_pref("CT2645238.ThirdPartyComponentsLastUpdate", "1331805997"); Found : user_pref("CT2645238.ToolbarDisabled", true); Found : user_pref("CT2645238.ToolbarShrinkedFromSetup", false); Found : user_pref("CT2645238.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2645238"); Found : user_pref("CT2645238.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Found : user_pref("CT2645238.UserID", "UN41505695258218955"); Found : user_pref("CT2645238.ValidationData_Search", 0); Found : user_pref("CT2645238.ValidationData_Toolbar", 2); Found : user_pref("CT2645238.alertChannelId", "1037922"); Found : user_pref("CT2645238.autoDisableScopes", -1); Found : user_pref("CT2645238.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Found : user_pref("CT2645238.globalFirstTimeInfoLastCheckTime", "Fri Jun 22 2012 12:59:13 GMT+0100 (GMT Dayl[...] Found : user_pref("CT2645238.homepageProtectorEnableByLogin", true); Found : user_pref("CT2645238.initDone", true); Found : user_pref("CT2645238.isAppTrackingManagerOn", true); Found : user_pref("CT2645238.myStuffEnabled", true); Found : user_pref("CT2645238.myStuffPublihserMinWidth", 400); Found : user_pref("CT2645238.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT2645238.myStuffServiceIntervalMM", 1440); Found : user_pref("CT2645238.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] 
Found : user_pref("CT2645238.revertSettingsEnabled", true); Found : user_pref("CT2645238.searchProtectorDialogDelayInSec", 10); Found : user_pref("CT2645238.searchProtectorEnableByLogin", true); Found : user_pref("CT2645238.testingCtid", ""); Found : user_pref("CT2645238.toolbarAppMetaDataLastCheckTime", "Sun Aug 05 2012 10:11:03 GMT+0100 (GMT Dayli[...] Found : user_pref("CT2645238.toolbarContextMenuLastCheckTime", "Fri Jun 22 2012 12:59:16 GMT+0100 (GMT Dayli[...] Found : user_pref("CT2645238.usagesFlag", 2); Found : user_pref("CT3015261..clientLogIsEnabled", true); Found : user_pref("CT3015261..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Found : user_pref("CT3015261..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Found : user_pref("CT3015261.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT3015261.AppTrackingLastCheckTime", "Sat Aug 06 2011 10:09:59 GMT+0100 (GMT Daylight Tim[...] Found : user_pref("CT3015261.CTID", "CT3015261"); Found : user_pref("CT3015261.CurrentServerDate", "7-8-2011"); Found : user_pref("CT3015261.DialogsAlignMode", "LTR"); Found : user_pref("CT3015261.DialogsGetterLastCheckTime", "Sat Aug 06 2011 10:09:49 GMT+0100 (GMT Daylight T[...] Found : user_pref("CT3015261.DownloadReferralCookieData", ""); Found : user_pref("CT3015261.EMailNotifierPollDate", "Sat Aug 06 2011 11:01:41 GMT+0100 (GMT Daylight Time)"[...] 
Found : user_pref("CT3015261.FirstServerDate", "6-8-2011"); Found : user_pref("CT3015261.FirstTime", true); Found : user_pref("CT3015261.FirstTimeFF3", true); Found : user_pref("CT3015261.FixPageNotFoundErrors", true); Found : user_pref("CT3015261.GroupingServerCheckInterval", 1440); Found : user_pref("CT3015261.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT3015261.HasUserGlobalKeys", true); Found : user_pref("CT3015261.HomePageProtectorEnabled", false); Found : user_pref("CT3015261.Initialize", true); Found : user_pref("CT3015261.InitializeCommonPrefs", true); Found : user_pref("CT3015261.InstallationAndCookieDataSentCount", 3); Found : user_pref("CT3015261.InstallationId", "CT3015261_ZoneAlarm_Security_Suite.exe"); Found : user_pref("CT3015261.InstallationType", "ConduitIntegration"); Found : user_pref("CT3015261.InstalledDate", "Sat Aug 06 2011 10:09:49 GMT+0100 (GMT Daylight Time)"); Found : user_pref("CT3015261.IsAlertDBUpdated", true); Found : user_pref("CT3015261.IsGrouping", false); Found : user_pref("CT3015261.IsInitSetupIni", true); Found : user_pref("CT3015261.IsMulticommunity", false); Found : user_pref("CT3015261.IsOpenThankYouPage", false); Found : user_pref("CT3015261.IsOpenUninstallPage", false); Found : user_pref("CT3015261.LanguagePackLastCheckTime", "Sat Aug 06 2011 10:09:51 GMT+0100 (GMT Daylight Ti[...] Found : user_pref("CT3015261.LanguagePackReloadIntervalMM", 1440); Found : user_pref("CT3015261.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] 
Found : user_pref("CT3015261.LastLogin_3.5.1.1", "Sun Aug 07 2011 06:51:04 GMT+0100 (GMT Daylight Time)"); Found : user_pref("CT3015261.LatestVersion", "3.3.5.1"); Found : user_pref("CT3015261.Locale", "en"); Found : user_pref("CT3015261.MCDetectTooltipHeight", "83"); Found : user_pref("CT3015261.MCDetectTooltipShow", false); Found : user_pref("CT3015261.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT3015261.MCDetectTooltipWidth", "295"); Found : user_pref("CT3015261.MyStuffEnabledAtInstallation", false); Found : user_pref("CT3015261.OriginalFirstVersion", "3.5.1.1"); Found : user_pref("CT3015261.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties"); Found : user_pref("CT3015261.SearchFromAddressBarIsInit", true); Found : user_pref("CT3015261.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT301[...] Found : user_pref("CT3015261.SearchInNewTabEnabled", true); Found : user_pref("CT3015261.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT3015261.SearchInNewTabLastCheckTime", "Sat Aug 06 2011 10:09:51 GMT+0100 (GMT Daylight [...] Found : user_pref("CT3015261.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Found : user_pref("CT3015261.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Found : user_pref("CT3015261.SearchProtectorEnabled", false); Found : user_pref("CT3015261.SearchProtectorToolbarDisabled", true); Found : user_pref("CT3015261.ServiceMapLastCheckTime", "Sat Aug 06 2011 10:09:47 GMT+0100 (GMT Daylight Time[...] Found : user_pref("CT3015261.SettingsLastCheckTime", "Sun Aug 07 2011 06:51:02 GMT+0100 (GMT Daylight Time)"[...] Found : user_pref("CT3015261.SettingsLastUpdate", "1311168858"); Found : user_pref("CT3015261.ThirdPartyComponentsInterval", 504); Found : user_pref("CT3015261.ThirdPartyComponentsLastCheck", "Sat Aug 06 2011 10:09:47 GMT+0100 (GMT Dayligh[...] 
Found : user_pref("CT3015261.ThirdPartyComponentsLastUpdate", "1246786978"); Found : user_pref("CT3015261.ToolbarShrinkedFromSetup", false); Found : user_pref("CT3015261.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3015261"); Found : user_pref("CT3015261.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Found : user_pref("CT3015261.UserID", "UN29909517275356115"); Found : user_pref("CT3015261.ValidationData_Search", 2); Found : user_pref("CT3015261.ValidationData_Toolbar", 2); Found : user_pref("CT3015261.alertChannelId", "1406927"); Found : user_pref("CT3015261.approveUntrustedApps", true); Found : user_pref("CT3015261.backendstorage.youtube_user_first_login_date", "30382F30372F32303131"); Found : user_pref("CT3015261.backendstorage.youtube_user_survey_visit", "4E4F545F56495349544544"); Found : user_pref("CT3015261.backendstorage.youtubelang", "5553"); Found : user_pref("CT3015261.components.1000034", false); Found : user_pref("CT3015261.components.129506578327572375", false); Found : user_pref("CT3015261.components.129506578328099741", false); Found : user_pref("CT3015261.components.129506578328177870", false); Found : user_pref("CT3015261.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Found : user_pref("CT3015261.globalFirstTimeInfoLastCheckTime", "Sun Aug 07 2011 06:51:04 GMT+0100 (GMT Dayl[...] Found : user_pref("CT3015261.homepageProtectorEnableByLogin", true); Found : user_pref("CT3015261.initDone", true); Found : user_pref("CT3015261.isAppTrackingManagerOn", true); Found : user_pref("CT3015261.myStuffEnabled", true); Found : user_pref("CT3015261.myStuffPublihserMinWidth", 400); Found : user_pref("CT3015261.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT3015261.myStuffServiceIntervalMM", 1440); Found : user_pref("CT3015261.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] 
Found : user_pref("CT3015261.oldAppsList", "129506578324945315,129506578325335957,111,129506578326068408,129[...] Found : user_pref("CT3015261.searchProtectorDialogDelayInSec", 10); Found : user_pref("CT3015261.searchProtectorEnableByLogin", true); Found : user_pref("CT3015261.testingCtid", ""); Found : user_pref("CT3015261.toolbarAppMetaDataLastCheckTime", "Sat Aug 06 2011 10:09:49 GMT+0100 (GMT Dayli[...] Found : user_pref("CT3015261.toolbarContextMenuLastCheckTime", "Sat Aug 06 2011 10:09:51 GMT+0100 (GMT Dayli[...] Found : user_pref("CT3015261.usagesFlag", 2); Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2645238/CT2645238[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1037922/1033633/UK", "\"0\"[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1406927/1402585/UK", "\"0\"[...] Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2645238", [...] Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3015261", [...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...] 
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2645238",[...] Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3015261",[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3015261&octid=[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/38/264/CT2645238/Images/6340849608501725[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/61/301/CT3015261/Images/6340849608501725[...] Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...] Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"504[...] Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Administrator\\App[...] Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6"); Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...] Found : user_pref("CommunityToolbar.ToolbarsList", "CT3015261,CT2645238"); Found : user_pref("CommunityToolbar.ToolbarsList2", "CT3015261,CT2645238"); Found : user_pref("CommunityToolbar.ToolbarsList4", "CT3015261,CT2645238"); Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Aug 06 2011 10:09:52 GMT+0100 (GMT[...] 
Found : user_pref("CommunityToolbar.globalUserId", "a29860f5-c187-4efc-91d4-fe8b2af9f40f"); Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3015261"); Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Jun 22 2012 12:59:1[...] Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Jun 22 2012 14:05:35 GMT+010[...] Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Found : user_pref("CommunityToolbar.notifications.locale", "en"); Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jun 22 2012 12:59:08 GMT+0100 (G[...] Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Found : user_pref("CommunityToolbar.notifications.userId", "50271d6e-f331-4238-b586-bfb3d8314667"); Found : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties"); Found : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...] ************************* AdwCleaner[R1].txt - [22808 octets] - [12/01/2013 18:11:17] ########## EOF - C:\AdwCleaner[R1].txt - [22869 octets] ##########
  11. "%userprofile%\desktop\combofix.exe" /nombr

ComboFix 13-01-12.01 - Administrator 12/01/2013 17:18:11.1.2 - x86
Running from: c:\documents and settings\Administrator\desktop\combofix.exe
Command switches used :: /nombr
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\CTL3D.1
c:\windows\system\Color
.
.
((((((((((((((((((((((((( Files Created from 2012-12-12 to 2013-01-12 )))))))))))))))))))))))))))))))
.
.
2013-01-12 01:11 . 2013-01-12 01:11 -------- d-----w- C:\_OTL
2013-01-08 15:08 . 2013-01-08 15:08 196665 -c--a-w- c:\windows\system32\dllcache\imjpinst.exe
2013-01-04 06:58 . 2012-06-02 15:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2013-01-03 16:52 . 2013-01-03 16:52 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2013-01-03 16:48 . 2013-01-03 16:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Secunia PSI
2013-01-03 16:48 . 2013-01-03 16:48 -------- d-----w- c:\program files\Secunia
2012-12-26 10:27 . 2012-12-27 07:52 -------- d-----w- c:\program files\SpywareBlaster
2012-12-24 09:15 . 2012-12-24 09:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sun
2012-12-24 09:03 . 2012-12-24 09:03 -------- d-----w- c:\program files\Common Files\Java
2012-12-24 09:03 . 2012-12-24 09:02 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-24 09:02 . 2012-12-24 09:02 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-22 16:11 . 2012-12-23 10:13 -------- d-----w- c:\documents and settings\Administrator\Doctor Web
2012-12-22 11:31 . 2012-12-22 11:31 -------- d-----w- c:\program files\Panda Security
2012-12-21 17:00 . 2012-12-21 17:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Check Point Software Technologies LTD
2012-12-20 20:41 . 2012-12-20 20:41 -------- d-----w- c:\program files\Check Point Software Technologies LTD
2012-12-20 20:40 . 2012-12-20 20:42 -------- d-----w- c:\program files\CheckPoint
2012-12-19 16:07 . 2012-12-19 16:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira
2012-12-19 16:01 . 2012-11-27 10:01 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-12-19 16:01 . 2012-11-22 15:51 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-12-19 16:01 . 2012-11-22 15:50 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-19 16:01 . 2012-12-19 16:01 -------- d-----w- c:\program files\Avira
2012-12-19 16:01 . 2012-12-19 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2012-12-18 19:08 . 2012-12-18 19:08 209112 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2012-12-18 16:49 . 2008-05-02 13:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2012-12-18 16:49 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll
2012-12-18 16:49 . 2008-05-02 13:25 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2012-12-18 16:49 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll
2012-12-18 16:49 . 2008-05-02 10:49 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2012-12-17 19:42 . 2012-12-17 19:42 395744 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-12-17 19:42 . 2012-12-17 19:42 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-12-17 19:42 . 2012-12-17 19:42 -------- d-----w- c:\program files\Common Files\Acronis
2012-12-17 19:42 . 2012-12-17 19:42 -------- d-----w- c:\program files\Acronis
2012-12-17 13:25 . 2008-04-14 05:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2012-12-17 13:25 . 2008-04-14 05:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-12-17 13:21 . 2012-12-17 13:21 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-12-16 08:11 . 2012-12-16 08:12 -------- d-----w- c:\program files\ERUNT
2012-12-15 13:15 . 2012-12-15 13:44 -------- d-----w- c:\program files\trend micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-12 14:05 . 2012-04-09 09:46 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-12 14:05 . 2011-05-24 10:38 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-24 09:02 . 2012-06-21 17:27 859072 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-24 09:02 . 2010-06-24 16:25 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-17 19:42 . 2010-01-27 15:29 39264 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2012-12-16 12:23 . 2004-08-12 13:17 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 16:49 . 2012-03-27 06:58 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25 . 2004-08-12 13:33 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2009-08-28 11:44 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2004-08-12 13:18 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-12 13:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-12 13:21 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-12 13:20 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-12 13:19 385024 ----a-w- c:\windows\system32\html.iec
2013-01-11 10:25 . 2013-01-11 10:24 262704 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-05-25 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-05-25 126976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-11-07 73392]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\AutorunsDisabled
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.1.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2006-10-16 21:13 87584 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2006-10-16 21:17 1941784 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2012-12-04 15:36 384800 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 04:42 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 16:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 09:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2006-10-16 21:12 1164912 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
R3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\DRIVERS\IntelH51.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WINMGMT
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-08 c:\windows\Tasks\mbam full scan.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2012-03-27 16:49]
.
2013-01-12 c:\windows\Tasks\mbam scan.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2012-03-27 16:49]
.
2013-01-12 c:\windows\Tasks\mbam.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2012-03-27 16:49]
.
2013-01-11 c:\windows\Tasks\SyncBack BACKUP OF DATA.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2010-01-28 15:42]
.
2013-01-12 c:\windows\Tasks\SyncBack daily.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2010-01-28 15:42]
.
2012-05-19 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-08-06 15:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Download Flash with Flash &Grabber - c:\progra~1\FLASHG~1\swfgrab.dll/iesave
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - ExtSQL: 2012-12-06 08:11; {B17C1C5A-04B1-11DB-9804-B622A1EF5492}; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
FF - ExtSQL: 2012-12-20 20:42; ffxtlbr@zonealarm.com; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kbx4p9zm.Default User 1\extensions\ffxtlbr@zonealarm.com
FF - ExtSQL: 2012-12-20 20:42; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\TrustChecker
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN116050713161252-1043&toolbarId=base&affiliateId=1043&Lan={dfltLng}&utid=a886ccab0000000000000019b92f743a&q=
FF - user.js: extensions.zonealarm.id - a886ccab0000000000000019b92f743a
FF - user.js: extensions.zonealarm.instlDay - 15694
FF - user.js: extensions.zonealarm.vrsn - 1.6.7.4
FF - user.js: extensions.zonealarm.vrsni - 1.6.7.4
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.7.420:41
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1043
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN116050713161252-1043
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
.
------- File Associations -------
.
.reg=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{3CE45C4F-BFFF-4988-9A3C-A75C1F491319} - (no file)
HKLM-Run-ISW - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-12 17:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1409082233-308236825-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,01,6e,95,85,24,cb,46,98,0e,52,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,01,6e,95,85,24,cb,46,98,0e,52,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,09,94,b5,fa,f4,b5,4c,ad,d9,94,\
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(896)
c:\windows\system32\relog_ap.dll
.
Completion time: 2013-01-12 17:34:37
ComboFix-quarantined-files.txt 2013-01-12 17:34
.
Pre-Run: 8,221,978,624 bytes free
Post-Run: 8,225,382,400 bytes free
.
- - End Of File - - 81720C3131722C7B4419220865F6F89E
  12. Hi....it's now an hour since I started Combo and it still hasn't scanned, the machine is frozen so I will power it down on the tower. Maybe of interest, Startup in CCleaner is showing enabled programs for firewall and anti-virus once both have been disabled in desktop icons, bottom right. Just got your reply and will try that.
  13. I have disconnected the machine from the internet. ComboFix has been running for 20 mins and has not gone beyond.......... Scanning for infected files Typically.........................10 mins However.........................................................easily double, no flashing cursor after that. It looks as though the system is frozen, clock is fixed on Combo start time, which happened when we tried to use ComboFix with our last problem you dealt with. Have disabled Firewall and Antivirus in icons bottom right of desktop. I will leave ComboFix in its present frozen state until I hear back from you.
  14. Hi............as discussed, Windows Security Centre has been disabled by the trojan. I have disabled the web security element of ZoneAlarm's firewall, but since I assume the Windows firewall is inactive, can I run Combo with the firewall active?
  15. Hi Again.................was looking for solutions to Security Centre when Avira Anti Virus flagged up TR/Kazy.134631.1, which is the same exercise you found last night. It's now in Avira's quarantine with a file name of C:\_OTL\Moved File\01112013_201102\C_Documents& Settings\Admin............\wgsdgsdgdsgsd.exe