My girlfriend decided to download the digital media program known as "SAI" but inadvertently also installed the "SweetPacks" toolbar. After some fiddling, I decided to run Malwarebytes and Spybot Search & Destroy. Spybot found several pieces of adware, and apparently cleaned them up, including sweetpacks. Malwarebytes continually becomes non responsive several hours into the scan, but 100000 files in, and still no problem files found. This all sounded good, except her home page is still sweetpacks and she still has the tool bar.

I have run DDS, and have the two reports, as shown below.

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.19088

Run by Savannah at 16:07:56 on 2013-05-03

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1915.1056 [GMT -7:00]

.

AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\SearchProtect\bin\CltMngSvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

C:\Program Files\Toshiba\SmoothView\SmoothView.exe

C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Program Files\WinZip\WZQKPICK32.EXE

C:\Windows\system32\WerCon.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Users\Savannah\AppData\Roaming\SearchProtect\bin\cltmng.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

.

============== Pseudo HJT Report ===============

.

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

uURLSearchHooks: Search Spin Toolbar: {fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c} - c:\program files\search_spin\prxtbSear.dll

mURLSearchHooks: Search Spin Toolbar: {fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c} - c:\program files\search_spin\prxtbSear.dll

BHO: IEPlugin Class: {11222041-111B-46E3-BD29-EFB2449479B1} - c:\program files\arcsoft\media converter for philips\internet video downloader\ArcURLRecord.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: NCO 2.0 IE BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll

BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\common files\symantec shared\ids\IPSBHO.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Search Spin Toolbar: {fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c} - c:\program files\search_spin\prxtbSear.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll

TB: Search Spin Toolbar: {FE02A3EF-6CD5-4DC6-8CF4-F3BCAC60BC7C} - c:\program files\search_spin\prxtbSear.dll

TB: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Search Spin Toolbar: {fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c} - c:\program files\search_spin\prxtbSear.dll

uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

uRun: [searchProtect] c:\users\savannah\appdata\roaming\searchprotect\bin\cltmng.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE

mRun: [HSON] c:\program files\toshiba\tbs\HSON.exe

mRun: [smoothView] c:\program files\toshiba\smoothview\SmoothView.exe

mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe

mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide

mRun: [NDSTray.exe] NDSTray.exe

mRun: [cfFncEnabler.exe] cfFncEnabler.exe

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [searchProtectAll] c:\program files\searchprotect\bin\cltmng.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\philip~1.lnk - c:\philips\gogear vibe device manager\GoGear_Vibe_DeviceManager.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK32.EXE

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{41FF72CF-98A8-4D8A-8336-8F21340D67B4} : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\savannah\appdata\roaming\mozilla\firefox\profiles\1ayt5e2l.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3241284&CUI=UN13097975252358819&UM=2&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3241284&SearchSource=2&CUI=UN13097975252358819&UM=&q=

FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll

FF - plugin: c:\users\savannah\appdata\roaming\mozilla\firefox\profiles\1ayt5e2l.default\extensions\{fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c}\plugins\np-mswmp.dll

FF - plugin: c:\users\savannah\appdata\roaming\mozilla\firefox\profiles\1ayt5e2l.default\extensions\{fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c}\plugins\npConduitFirefoxPlugin.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll

FF - ExtSQL: 2013-04-15 21:09; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\users\savannah\appdata\roaming\mozilla\firefox\profiles\1ayt5e2l.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

FF - ExtSQL: 2013-04-15 21:10; {fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c}; c:\users\savannah\appdata\roaming\mozilla\firefox\profiles\1ayt5e2l.default\extensions\{fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c}

FF - ExtSQL: 2049-12-31 14:00; {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}; c:\users\savannah\appdata\roaming\mozilla\firefox\profiles\1ayt5e2l.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi

FF - ExtSQL: !HIDDEN! 2009-07-25 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

============= SERVICES / DRIVERS ===============

.

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090910.001\IDSvix86.sys [2009-9-10 272432]

R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-5-25 25896]

R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\searchprotect\bin\CltMngSvc.exe [2013-4-11 93984]

R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]

R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-9-30 46392]

R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-30 7168]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-5-3 40776]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2009-5-25 290304]

R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-9-30 1245064]

R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-2 102448]

S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-30 30192]

S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-9-30 9216]

S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\razer\razer game booster\driver\WinRing0.sys [2012-11-13 14416]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2013-05-03 20:48:45 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-05-03 20:47:34 -------- d-----w- c:\users\savannah\appdata\roaming\SearchProtect

2013-05-03 19:00:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2013-05-03 19:00:03 -------- d-----w- c:\program files\Spybot - Search & Destroy

2013-05-03 18:57:36 -------- d-----w- c:\users\savannah\appdata\roaming\Malwarebytes

2013-05-03 18:57:18 -------- d-----w- c:\programdata\Malwarebytes

2013-05-03 18:57:16 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-03 18:57:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-04-30 09:12:38 6906960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d1bf4a4c-09e3-47dd-b600-a9e1caba12c8}\mpengine.dll

2013-04-16 04:11:05 -------- d-----w- c:\program files\Conduit

2013-04-16 04:11:04 -------- d-----w- c:\users\savannah\appdata\roaming\SYSTEMAX Software Development

2013-04-16 04:11:04 -------- d-----w- c:\programdata\SYSTEMAX Software Development

2013-04-16 04:10:53 -------- d-----w- c:\users\savannah\appdata\local\Conduit

2013-04-16 04:10:53 -------- d-----w- c:\program files\Search_Spin

2013-04-16 04:10:39 -------- d-----w- c:\program files\SearchProtect

2013-04-16 04:10:38 770384 ----a-w- c:\windows\system32\msvcr100.dll

2013-04-16 04:10:38 421200 ----a-w- c:\windows\system32\msvcp100.dll

2013-04-16 04:10:07 -------- d-----w- c:\program files\SearchGBY

2013-04-16 00:16:08 -------- d-----w- c:\users\savannah\.thumbnails

2013-04-16 00:14:05 -------- d-----w- c:\users\savannah\appdata\local\fontconfig

2013-04-16 00:14:01 -------- d-----w- c:\users\savannah\appdata\local\gegl-0.2

2013-04-16 00:14:01 -------- d-----w- c:\users\savannah\.gimp-2.8

2013-04-16 00:07:42 -------- d-----w- c:\program files\GIMP 2

.

==================== Find3M ====================

.

2013-03-19 22:58:48 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-19 22:58:47 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-12 08:10:56 237088 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 16:09:07.49 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Basic

Boot Device: \Device\HarddiskVolume2

Install Date: 5/25/2009 5:18:13 AM

System Uptime: 5/3/2013 1:46:23 PM (3 hours ago)

.

Motherboard: TOSHIBA | | Portable PC

Processor: Intel® Celeron® CPU 900 @ 2.20GHz | CPU | 2194/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 140 GiB total, 52.839 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Acrobat.com

Adobe Flash Player 11 Plugin

Adobe Flash Player 9 ActiveX

Adobe Flash Player ActiveX

Adobe Reader 9

Amazon Links

AppCore

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Backup

Bonjour

ccCommon

CD/DVD Drive Acoustic Silencer

Compatibility Pack for the 2007 Office system

DVD MovieFactory for TOSHIBA

GearDrvs

GIMP 2.8.4

GoGear VIBE Device Manager

Google Desktop

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

iTunes

Java 6 Update 6

League of Legends

LiveUpdate (Symantec Corporation)

Malwarebytes Anti-Malware version 1.75.0.1300

Media Converter for Philips

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2010

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

Microsoft XML Parser

Mozilla Firefox 20.0.1 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Norton 360

Norton 360 (Symantec Corporation)

Norton 360 HTMLHelp

Norton Confidential Core

Opera 11.60

PaintTool SAI Ver.1

Pando Media Booster

Picasa 2

QuickBooks Financial Center

QuickTime

Razer Game Booster

Realtek 8169 8168 8101E 8102E Ethernet Driver

Realtek High Definition Audio Driver

REALTEK RTL8187B Wireless LAN Driver

Realtek USB 2.0 Card Reader

Realtek WiFi Protected Setup Library

RuneScape Launcher 1.2.2

Search Protect by conduit

Search Spin Toolbar

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Encoder (KB979332)

SPBBC 32bit

Spybot - Search & Destroy

Symantec Real Time Storage Protection Component

Symantec Technical Support Controls

SymNet

Synaptics Pointing Device Driver

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Desktop Links

TOSHIBA Disc Creator

TOSHIBA DVD PLAYER

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Hardware Setup

TOSHIBA Recovery Disc Creator

Toshiba Registration

TOSHIBA Service Station

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update Installer for WildTangent Games App

WildTangent Games

WildTangent Games App (Toshiba Games)

Windows Media Encoder 9 Series

WinRAR 4.01 (32-bit)

WinZip 16.5

World of Warcraft

World of Warcraft Trial

.

==== End Of File ===========================


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+> Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+> The removal of malware isn't instantaneous, please be patient.

<+> Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Thanks for the quick reply.

Here is the report.

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version

Started in : Normal mode

User : Savannah [Admin rights]

Mode : Scan -- Date : 05/03/2013 16:58:15

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Users\Savannah\AppData\Roaming\SearchProtect\bin\cltmng.exe) [7] -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-3730676766-1739330670-3129680747-1000[...]\Run : SearchProtect (C:\Users\Savannah\AppData\Roaming\SearchProtect\bin\cltmng.exe) [7] -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[13] : NtAlertResumeThread @ 0x820DEEE9 -> HOOKED (Unknown @ 0x869C3900)

SSDT[14] : NtAlertThread @ 0x82044305 -> HOOKED (Unknown @ 0x869C3AA0)

SSDT[18] : NtAllocateVirtualMemory @ 0x8207BE68 -> HOOKED (Unknown @ 0x868303E8)

SSDT[21] : NtAlpcConnectPort @ 0x820354F3 -> HOOKED (Unknown @ 0x868F62B8)

SSDT[67] : NtCreateMutant @ 0x8207FF77 -> HOOKED (Unknown @ 0x869E3890)

SSDT[78] : NtCreateThread @ 0x820DD560 -> HOOKED (Unknown @ 0x869E9A58)

SSDT[116] : NtDebugActiveProcess @ 0x820B0AD8 -> HOOKED (Unknown @ 0x869E22A0)

SSDT[147] : NtFreeVirtualMemory @ 0x81EDACE7 -> HOOKED (Unknown @ 0x864F7A90)

SSDT[156] : NtImpersonateAnonymousToken @ 0x82004257 -> HOOKED (Unknown @ 0x869E3960)

SSDT[158] : NtImpersonateThread @ 0x82016980 -> HOOKED (Unknown @ 0x869E3AE8)

SSDT[177] : NtMapViewOfSection @ 0x8206DAFE -> HOOKED (Unknown @ 0x864F78E0)

SSDT[184] : NtOpenEvent @ 0x8202F451 -> HOOKED (Unknown @ 0x869BDA08)

SSDT[195] : NtOpenProcessToken @ 0x8205667B -> HOOKED (Unknown @ 0x869C9270)

SSDT[202] : NtOpenThreadToken @ 0x82056E51 -> HOOKED (Unknown @ 0x86963B18)

SSDT[282] : NtResumeThread @ 0x8204A924 -> HOOKED (Unknown @ 0x8691D948)

SSDT[289] : NtSetContextThread @ 0x820DE233 -> HOOKED (Unknown @ 0x86963A58)

SSDT[305] : NtSetInformationProcess @ 0x8207DA24 -> HOOKED (Unknown @ 0x865A7950)

SSDT[306] : NtSetInformationThread @ 0x8204BEB4 -> HOOKED (Unknown @ 0x869638A8)

SSDT[330] : NtSuspendProcess @ 0x820DEE23 -> HOOKED (Unknown @ 0x868FD3E0)

SSDT[331] : NtSuspendThread @ 0x8209BCEA -> HOOKED (Unknown @ 0x8696DAC8)

SSDT[334] : NtTerminateProcess @ 0x8202C2F0 -> HOOKED (Unknown @ 0x86A77238)

SSDT[335] : NtTerminateThread @ 0x82058AF3 -> HOOKED (Unknown @ 0x86965AA0)

SSDT[348] : NtUnmapViewOfSection @ 0x8206E155 -> HOOKED (Unknown @ 0x865A7AE8)

SSDT[358] : NtWriteVirtualMemory @ 0x82057033 -> HOOKED (Unknown @ 0x869E5AE8)

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1655GSX +++++

--- User ---

[MBR] 83e084d363d02dd91b3edf71f963059c

[bSP] c8df17ab07f696c9e7a3154dd4e3b14c : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 143737 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 297447424 | Size: 7389 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05032013_02d1658.txt >>


OK, uninstall these from your add/remove programs if possible:

Search Protect by conduit

Search Spin Toolbar

Then...........

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetection before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC


Ok, I uninstalled those two files. I looked over the found files, and don't see anything I want to keep. I do see lots of "Sweetim" files. I take it those are the problem? There are also some files about conduit, even though I uninstalled it. Also, I don't really care about the AVG search being removed. I'd actually rather prefer it.

# AdwCleaner v2.300 - Logfile created 05/03/2013 at 17:05:51

# Updated 28/04/2013 by Xplode

# Operating system : Windows Vista Home Basic Service Pack 1 (32 bits)

# User : Savannah - SAVANNAH-PC

# Boot Mode : Normal

# Running from : C:\Users\Savannah\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\END

File Found : C:\Users\Savannah\AppData\Roaming\Mozilla\Firefox\Profiles\1ayt5e2l.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

File Found : C:\Users\Savannah\AppData\Roaming\Mozilla\Firefox\Profiles\1ayt5e2l.default\searchplugins\Conduit.xml

Folder Found : C:\Program Files\Conduit

Folder Found : C:\Users\Savannah\AppData\Local\Conduit

Folder Found : C:\Users\Savannah\AppData\Local\Temp\avg@toolbar

Folder Found : C:\Users\Savannah\AppData\Local\Temp\CT3241284

Folder Found : C:\Users\Savannah\AppData\LocalLow\Conduit

Folder Found : C:\Users\Savannah\AppData\LocalLow\PriceGong

Folder Found : C:\Users\Savannah\AppData\Roaming\Mozilla\Firefox\Profiles\1ayt5e2l.default\CT3241284

Folder Found : C:\Users\Savannah\AppData\Roaming\Mozilla\Firefox\Profiles\1ayt5e2l.default\extensions\{fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c}

Folder Found : C:\Users\Savannah\AppData\Roaming\Mozilla\Firefox\Profiles\1ayt5e2l.default\Smartbar

Folder Found : C:\Users\Savannah\AppData\Roaming\Mozilla\Firefox\Profiles\1ayt5e2l.default\StumbleUpon

Folder Found : C:\Users\Savannah\AppData\Roaming\Mozilla\Firefox\Profiles\1ayt5e2l.default\SweetPacksToolbarData

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKCU\Software\SearchProtect

Key Found : HKCU\Software\Softonic

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3241284

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Key Found : HKLM\SOFTWARE\Software

Key Found : HKU\S-1-5-21-3730676766-1739330670-3129680747-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Savannah\AppData\Roaming\Mozilla\Firefox\Profiles\1ayt5e2l.default\prefs.js

Found : user_pref("CT3241284.1000234.TWC_TMP_city", "KENT");

Found : user_pref("CT3241284.1000234.TWC_TMP_country", "US");

Found : user_pref("CT3241284.1000234.TWC_country", "UNITED STATES");

Found : user_pref("CT3241284.1000234.TWC_locId", "USWA0206");

Found : user_pref("CT3241284.1000234.TWC_location", "Kent, WA");

Found : user_pref("CT3241284.1000234.TWC_region", "US");

Found : user_pref("CT3241284.1000234.TWC_temp_dis", "f");

Found : user_pref("CT3241284.1000234.TWC_wind_dis", "mph");

Found : user_pref("CT3241284.1000234.weatherData", "{\"icon\":\"26.png\",\"temperature\":\"42°F\",\"temperat[...]

Found : user_pref("CT3241284.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT3241284.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Found : user_pref("CT3241284.FF19Solved", "true");

Found : user_pref("CT3241284.FirstTime", "true");

Found : user_pref("CT3241284.FirstTimeFF3", "true");

Found : user_pref("CT3241284.PG_ENABLE", "dHJ1ZQ==");

Found : user_pref("CT3241284.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT324[...]

Found : user_pref("CT3241284.UserID", "UN13097975252358819");

Found : user_pref("CT3241284.addressBarTakeOverEnabledInHidden", "true");

Found : user_pref("CT3241284.autoDisableScopes", 0);

Found : user_pref("CT3241284.browser.search.defaultthis.engineName", "true");

Found : user_pref("CT3241284.defaultSearch", "true");

Found : user_pref("CT3241284.enableAlerts", "true");

Found : user_pref("CT3241284.enableFix404ByUser", "FALSE");

Found : user_pref("CT3241284.enableSearchFromAddressBar", "true");

Found : user_pref("CT3241284.firstTimeDialogOpened", "true");

Found : user_pref("CT3241284.fixPageNotFoundError", "true");

Found : user_pref("CT3241284.fixPageNotFoundErrorByUser", "true");

Found : user_pref("CT3241284.fixPageNotFoundErrorInHidden", "true");

Found : user_pref("CT3241284.fixUrls", true);

Found : user_pref("CT3241284.hxxp___pinterest_aot_im.isEnabled.enc", "WQ==");

Found : user_pref("CT3241284.installDate", "15/4/2013 21:10:32");

Found : user_pref("CT3241284.installId", "tmpdfc9.exe");

Found : user_pref("CT3241284.installType", "conduitnsisintegration");

Found : user_pref("CT3241284.installUsage", "2013-04-16T07:15:57.8533873+03:00");

Found : user_pref("CT3241284.installUsageEarly", "2013-04-16T07:15:55.5564535+03:00");

Found : user_pref("CT3241284.installerVersion", "1.3.7.3");

Found : user_pref("CT3241284.isCheckedStartAsHidden", true);

Found : user_pref("CT3241284.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT3241284.isFirstTimeToolbarLoading", "false");

Found : user_pref("CT3241284.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Found : user_pref("CT3241284.keyword", "true");

Found : user_pref("CT3241284.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.condui[...]

Found : user_pref("CT3241284.lastVersion", "10.15.2.523");

Found : user_pref("CT3241284.mam_gk_installer_preapproved.enc", "ZmFsc2U=");

Found : user_pref("CT3241284.migrateAppsAndComponents", true);

Found : user_pref("CT3241284.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"[...]

Found : user_pref("CT3241284.openThankYouPage", "false");

Found : user_pref("CT3241284.openUninstallPage", "true");

Found : user_pref("CT3241284.revertSettingsEnabled", "false");

Found : user_pref("CT3241284.search.searchAppId", "129883967008082178");

Found : user_pref("CT3241284.search.searchCount", "0");

Found : user_pref("CT3241284.searchFromAddressBarEnabledByUser", "true");

Found : user_pref("CT3241284.searchInNewTabEnabledByUser", "false");

Found : user_pref("CT3241284.searchInNewTabEnabledInHidden", "true");

Found : user_pref("CT3241284.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT3241284.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Found : user_pref("CT3241284.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Found : user_pref("CT3241284.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Found : user_pref("CT3241284.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Found : user_pref("CT3241284.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Found : user_pref("CT3241284.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Found : user_pref("CT3241284.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1366085751535");

Found : user_pref("CT3241284.serviceLayer_services_appsMetadata_lastUpdate", "1366085751412");

Found : user_pref("CT3241284.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1366085751201");

Found : user_pref("CT3241284.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1366085749[...]

Found : user_pref("CT3241284.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1366085752088")[...]

Found : user_pref("CT3241284.serviceLayer_services_location_lastUpdate", "1367561522391");

Found : user_pref("CT3241284.serviceLayer_services_login_10.15.2.23_lastUpdate", "1366162482308");

Found : user_pref("CT3241284.serviceLayer_services_login_10.15.2.523_lastUpdate", "1367622813538");

Found : user_pref("CT3241284.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1366085751323");

Found : user_pref("CT3241284.serviceLayer_services_searchAPI_lastUpdate", "1366085749411");

Found : user_pref("CT3241284.serviceLayer_services_serviceMap_lastUpdate", "1367561522001");

Found : user_pref("CT3241284.serviceLayer_services_toolbarContextMenu_lastUpdate", "1366085751043");

Found : user_pref("CT3241284.serviceLayer_services_toolbarSettings_lastUpdate", "1367622813199");

Found : user_pref("CT3241284.serviceLayer_services_translation_lastUpdate", "1367561522376");

Found : user_pref("CT3241284.settingsINI", true);

Found : user_pref("CT3241284.shouldFirstTimeDialog", "false");

Found : user_pref("CT3241284.showToolbarPermission", "false");

Found : user_pref("CT3241284.smartbar.CTID", "CT3241284");

Found : user_pref("CT3241284.smartbar.Uninstall", "0");

Found : user_pref("CT3241284.smartbar.isHidden", true);

Found : user_pref("CT3241284.smartbar.toolbarName", "Search Spin ");

Found : user_pref("CT3241284.startPage", "false");

Found : user_pref("CT3241284.toolbarBornServerTime", "16-4-2013");

Found : user_pref("CT3241284.toolbarCurrentServerTime", "4-5-2013");

Found : user_pref("CT3241284.toolbarLoginClientTime", "Mon Apr 15 2013 21:15:51 GMT-0700 (Pacific Daylight T[...]

Found : user_pref("CT3241284_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

Found : user_pref("Smartbar.ConduitSearchEngineList", "");

Found : user_pref("Smartbar.ConduitSearchUrlList", "");

Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://start.sweetpacks.com/?src=2&st=12&barid={[...]

Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3241284");

Found : user_pref("browser.search.defaultthis.engineName", "Search Spin Customized Web Search");

Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3241284&CUI[...]

Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3241284&SearchSource=2&CU[...]

Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]

Found : user_pref("smartbar.machineId", "3NFNB0LSTTRNXQDE4ZX4+5XHYTTXPDHF3QBMGEXHVTONMZXCJRGOKXBHOHENR+BXTSK[...]

Found : user_pref("smartbar.originalSearchAddressUrl", "hxxp://start.sweetpacks.com/?src=2&st=12&barid={5996[...]

Found : user_pref("smartbar.originalSearchEngine", "Bing");

Found : user_pref("sweetim.toolbar.RevertDialog.enable", "false");

Found : user_pref("sweetim.toolbar.SearchBoxLogo", "bing.png");

Found : user_pref("sweetim.toolbar.SearchBoxText", "Search with Bing");

Found : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");

Found : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1367526708837");

Found : user_pref("sweetim.toolbar.Visibility.enable", "true");

Found : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");

Found : user_pref("sweetim.toolbar.cargo", "3.5000006.10042");

Found : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "false");

Found : user_pref("sweetim.toolbar.cda.HideOveride.enable", "false");

Found : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "false");

Found : user_pref("sweetim.toolbar.defaultProvider", "bng");

Found : user_pref("sweetim.toolbar.dialogs.0.enable", "true");

Found : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]

Found : user_pref("sweetim.toolbar.dialogs.0.height", "335");

Found : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");

Found : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");

Found : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]

Found : user_pref("sweetim.toolbar.dialogs.0.width", "761");

Found : user_pref("sweetim.toolbar.dialogs.1.enable", "true");

Found : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]

Found : user_pref("sweetim.toolbar.dialogs.1.height", "300");

Found : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");

Found : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");

Found : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]

Found : user_pref("sweetim.toolbar.dialogs.1.width", "500");

Found : user_pref("sweetim.toolbar.dialogs.2.enable", "true");

Found : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]

Found : user_pref("sweetim.toolbar.dialogs.2.height", "150");

Found : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");

Found : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");

Found : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");

Found : user_pref("sweetim.toolbar.dialogs.2.width", "530");

Found : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]

Found : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");

Found : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");

Found : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");

Found : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");

Found : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");

Found : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");

Found : user_pref("sweetim.toolbar.mode.debug", "false");

Found : user_pref("sweetim.toolbar.newtab.created", "true");

Found : user_pref("sweetim.toolbar.newtab.enable", "true");

Found : user_pref("sweetim.toolbar.newtab.url", "hxxp://start.sweetpacks.com/?src=97&barid=$toolbar_id;&crg=[...]

Found : user_pref("sweetim.toolbar.previous.browser.newtab.url", "about:newtab");

Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "AVG Secure Search");

Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Google");

Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Found : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...]

Found : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");

Found : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");

Found : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");

Found : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");

Found : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");

Found : user_pref("sweetim.toolbar.scripts.0.enable", "false");

Found : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");

Found : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");

Found : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");

Found : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");

Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Found : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");

Found : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");

Found : user_pref("sweetim.toolbar.scripts.1.enable", "false");

Found : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");

Found : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");

Found : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");

Found : user_pref("sweetim.toolbar.scripts.2.callback", "");

Found : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]

Found : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");

Found : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");

Found : user_pref("sweetim.toolbar.scripts.2.enable", "false");

Found : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");

Found : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]

Found : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]

Found : user_pref("sweetim.toolbar.search.history.capacity", "10");

Found : user_pref("sweetim.toolbar.searchguard.enable", "false");

Found : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");

Found : user_pref("sweetim.toolbar.simapp_id", "{5996A8A0-A64B-11E2-BF51-001E33C1DC63}");

Found : user_pref("sweetim.toolbar.urls.afteruninstall", "hxxp://toolbar.sweetpacks.com/uninstallbar.asp?bar[...]

Found : user_pref("sweetim.toolbar.urls.contactus", "hxxp://www.perion.com/contact-us");

Found : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.[...]

Found : user_pref("sweetim.toolbar.urls.privacy", "hxxp://www.perion.com/privacy-policy");

Found : user_pref("sweetim.toolbar.urls.searchpage", "hxxp://start.sweetpacks.com/?barid=$toolbar_id;");

Found : user_pref("sweetim.toolbar.urls.uninstall", "hxxp://toolbar.sweetpacks.com/uninstall");

Found : user_pref("sweetim.toolbar.version", "1.12.0.0");

Found : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]

Found : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Opera v11.60.1185.0

File : C:\Users\Savannah\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [19607 octets] - [03/05/2013 17:05:51]

########## EOF - C:\AdwCleaner[R1].txt - [19668 octets] ##########


Lots of adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on the Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......Reboot and let me know what problems remain.....MrC


Alright, here are the deleted logs. When I open a new browser tab, it no longer redirects to the SweetPacks page. Out of curiosity, why was StumbleUpon deleted? Is it adware, or just a false positive? Either way, Savannah and I both thank you greatly for your help.

# AdwCleaner v2.300 - Logfile created 05/03/2013 at 17:14:21

# Updated 28/04/2013 by Xplode

# Operating system : Windows Vista Home Basic Service Pack 1 (32 bits)

# User : Savannah - SAVANNAH-PC

# Boot Mode : Normal

# Running from : C:\Users\Savannah\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\END

File Deleted : C:\Users\Savannah\AppData\Roaming\Mozilla\Firefox\Profiles\1ayt5e2l.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

File Deleted : C:\Users\Savannah\AppData\Roaming\Mozilla\Firefox\Profiles\1ayt5e2l.default\searchplugins\Conduit.xml

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Users\Savannah\AppData\Local\Conduit

Folder Deleted : C:\Users\Savannah\AppData\Local\Temp\avg@toolbar

Folder Deleted : C:\Users\Savannah\AppData\Local\Temp\CT3241284

Folder Deleted : C:\Users\Savannah\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Savannah\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Savannah\AppData\Roaming\Mozilla\Firefox\Profiles\1ayt5e2l.default\CT3241284

Folder Deleted : C:\Users\Savannah\AppData\Roaming\Mozilla\Firefox\Profiles\1ayt5e2l.default\extensions\{fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c}

Folder Deleted : C:\Users\Savannah\AppData\Roaming\Mozilla\Firefox\Profiles\1ayt5e2l.default\Smartbar

Folder Deleted : C:\Users\Savannah\AppData\Roaming\Mozilla\Firefox\Profiles\1ayt5e2l.default\StumbleUpon

Folder Deleted : C:\Users\Savannah\AppData\Roaming\Mozilla\Firefox\Profiles\1ayt5e2l.default\SweetPacksToolbarData

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\SearchProtect

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3241284

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Key Deleted : HKLM\SOFTWARE\Software

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Savannah\AppData\Roaming\Mozilla\Firefox\Profiles\1ayt5e2l.default\prefs.js

Deleted : user_pref("CT3241284.1000234.TWC_TMP_city", "KENT");

Deleted : user_pref("CT3241284.1000234.TWC_TMP_country", "US");

Deleted : user_pref("CT3241284.1000234.TWC_country", "UNITED STATES");

Deleted : user_pref("CT3241284.1000234.TWC_locId", "USWA0206");

Deleted : user_pref("CT3241284.1000234.TWC_location", "Kent, WA");

Deleted : user_pref("CT3241284.1000234.TWC_region", "US");

Deleted : user_pref("CT3241284.1000234.TWC_temp_dis", "f");

Deleted : user_pref("CT3241284.1000234.TWC_wind_dis", "mph");

Deleted : user_pref("CT3241284.1000234.weatherData", "{\"icon\":\"26.png\",\"temperature\":\"42°F\",\"temperat[...]

Deleted : user_pref("CT3241284.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3241284.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Deleted : user_pref("CT3241284.FF19Solved", "true");

Deleted : user_pref("CT3241284.FirstTime", "true");

Deleted : user_pref("CT3241284.FirstTimeFF3", "true");

Deleted : user_pref("CT3241284.PG_ENABLE", "dHJ1ZQ==");

Deleted : user_pref("CT3241284.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT324[...]

Deleted : user_pref("CT3241284.UserID", "UN13097975252358819");

Deleted : user_pref("CT3241284.addressBarTakeOverEnabledInHidden", "true");

Deleted : user_pref("CT3241284.autoDisableScopes", 0);

Deleted : user_pref("CT3241284.browser.search.defaultthis.engineName", "true");

Deleted : user_pref("CT3241284.defaultSearch", "true");

Deleted : user_pref("CT3241284.enableAlerts", "true");

Deleted : user_pref("CT3241284.enableFix404ByUser", "FALSE");

Deleted : user_pref("CT3241284.enableSearchFromAddressBar", "true");

Deleted : user_pref("CT3241284.firstTimeDialogOpened", "true");

Deleted : user_pref("CT3241284.fixPageNotFoundError", "true");

Deleted : user_pref("CT3241284.fixPageNotFoundErrorByUser", "true");

Deleted : user_pref("CT3241284.fixPageNotFoundErrorInHidden", "true");

Deleted : user_pref("CT3241284.fixUrls", true);

Deleted : user_pref("CT3241284.hxxp___pinterest_aot_im.isEnabled.enc", "WQ==");

Deleted : user_pref("CT3241284.installDate", "15/4/2013 21:10:32");

Deleted : user_pref("CT3241284.installId", "tmpdfc9.exe");

Deleted : user_pref("CT3241284.installType", "conduitnsisintegration");

Deleted : user_pref("CT3241284.installUsage", "2013-04-16T07:15:57.8533873+03:00");

Deleted : user_pref("CT3241284.installUsageEarly", "2013-04-16T07:15:55.5564535+03:00");

Deleted : user_pref("CT3241284.installerVersion", "1.3.7.3");

Deleted : user_pref("CT3241284.isCheckedStartAsHidden", true);

Deleted : user_pref("CT3241284.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3241284.isFirstTimeToolbarLoading", "false");

Deleted : user_pref("CT3241284.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Deleted : user_pref("CT3241284.keyword", "true");

Deleted : user_pref("CT3241284.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.condui[...]

Deleted : user_pref("CT3241284.lastVersion", "10.15.2.523");

Deleted : user_pref("CT3241284.mam_gk_installer_preapproved.enc", "ZmFsc2U=");

Deleted : user_pref("CT3241284.migrateAppsAndComponents", true);

Deleted : user_pref("CT3241284.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fforums.malwareby[...]

Deleted : user_pref("CT3241284.openThankYouPage", "false");

Deleted : user_pref("CT3241284.openUninstallPage", "true");

Deleted : user_pref("CT3241284.revertSettingsEnabled", "false");

Deleted : user_pref("CT3241284.search.searchAppId", "129883967008082178");

Deleted : user_pref("CT3241284.search.searchCount", "0");

Deleted : user_pref("CT3241284.searchFromAddressBarEnabledByUser", "true");

Deleted : user_pref("CT3241284.searchInNewTabEnabledByUser", "false");

Deleted : user_pref("CT3241284.searchInNewTabEnabledInHidden", "true");

Deleted : user_pref("CT3241284.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3241284.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Deleted : user_pref("CT3241284.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Deleted : user_pref("CT3241284.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Deleted : user_pref("CT3241284.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT3241284.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT3241284.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Deleted : user_pref("CT3241284.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1366085751535");

Deleted : user_pref("CT3241284.serviceLayer_services_appsMetadata_lastUpdate", "1366085751412");

Deleted : user_pref("CT3241284.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1366085751201");

Deleted : user_pref("CT3241284.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1366085749[...]

Deleted : user_pref("CT3241284.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1366085752088")[...]

Deleted : user_pref("CT3241284.serviceLayer_services_location_lastUpdate", "1367561522391");

Deleted : user_pref("CT3241284.serviceLayer_services_login_10.15.2.23_lastUpdate", "1366162482308");

Deleted : user_pref("CT3241284.serviceLayer_services_login_10.15.2.523_lastUpdate", "1367622813538");

Deleted : user_pref("CT3241284.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1366085751323");

Deleted : user_pref("CT3241284.serviceLayer_services_searchAPI_lastUpdate", "1366085749411");

Deleted : user_pref("CT3241284.serviceLayer_services_serviceMap_lastUpdate", "1367561522001");

Deleted : user_pref("CT3241284.serviceLayer_services_toolbarContextMenu_lastUpdate", "1366085751043");

Deleted : user_pref("CT3241284.serviceLayer_services_toolbarSettings_lastUpdate", "1367622813199");

Deleted : user_pref("CT3241284.serviceLayer_services_translation_lastUpdate", "1367561522376");

Deleted : user_pref("CT3241284.settingsINI", true);

Deleted : user_pref("CT3241284.shouldFirstTimeDialog", "false");

Deleted : user_pref("CT3241284.showToolbarPermission", "false");

Deleted : user_pref("CT3241284.smartbar.CTID", "CT3241284");

Deleted : user_pref("CT3241284.smartbar.Uninstall", "0");

Deleted : user_pref("CT3241284.smartbar.isHidden", true);

Deleted : user_pref("CT3241284.smartbar.toolbarName", "Search Spin ");

Deleted : user_pref("CT3241284.startPage", "false");

Deleted : user_pref("CT3241284.toolbarBornServerTime", "16-4-2013");

Deleted : user_pref("CT3241284.toolbarCurrentServerTime", "4-5-2013");

Deleted : user_pref("CT3241284.toolbarLoginClientTime", "Mon Apr 15 2013 21:15:51 GMT-0700 (Pacific Daylight T[...]

Deleted : user_pref("CT3241284_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");

Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");

Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://start.sweetpacks.com/?src=2&st=12&barid={[...]

Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3241284");

Deleted : user_pref("browser.search.defaultthis.engineName", "Search Spin Customized Web Search");

Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3241284&CUI[...]

Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3241284&SearchSource=2&CU[...]

Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]

Deleted : user_pref("smartbar.machineId", "3NFNB0LSTTRNXQDE4ZX4+5XHYTTXPDHF3QBMGEXHVTONMZXCJRGOKXBHOHENR+BXTSK[...]

Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://start.sweetpacks.com/?src=2&st=12&barid={5996[...]

Deleted : user_pref("smartbar.originalSearchEngine", "Bing");

Deleted : user_pref("sweetim.toolbar.RevertDialog.enable", "false");

Deleted : user_pref("sweetim.toolbar.SearchBoxLogo", "bing.png");

Deleted : user_pref("sweetim.toolbar.SearchBoxText", "Search with Bing");

Deleted : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");

Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1367526708837");

Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true");

Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");

Deleted : user_pref("sweetim.toolbar.cargo", "3.5000006.10042");

Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "false");

Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "false");

Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "false");

Deleted : user_pref("sweetim.toolbar.defaultProvider", "bng");

Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");

Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]

Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");

Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");

Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");

Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]

Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");

Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");

Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]

Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");

Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");

Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");

Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]

Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");

Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true");

Deleted : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]

Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150");

Deleted : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");

Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");

Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");

Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530");

Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]

Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");

Deleted : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");

Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");

Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");

Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");

Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");

Deleted : user_pref("sweetim.toolbar.mode.debug", "false");

Deleted : user_pref("sweetim.toolbar.newtab.created", "true");

Deleted : user_pref("sweetim.toolbar.newtab.enable", "true");

Deleted : user_pref("sweetim.toolbar.newtab.url", "hxxp://start.sweetpacks.com/?src=97&barid=$toolbar_id;&crg=[...]

Deleted : user_pref("sweetim.toolbar.previous.browser.newtab.url", "about:newtab");

Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "AVG Secure Search");

Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Google");

Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...]

Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");

Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");

Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");

Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");

Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");

Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "false");

Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");

Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");

Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");

Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");

Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");

Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");

Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");

Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");

Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");

Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");

Deleted : user_pref("sweetim.toolbar.scripts.2.callback", "");

Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]

Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");

Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");

Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false");

Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");

Deleted : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]

Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]

Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");

Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");

Deleted : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");

Deleted : user_pref("sweetim.toolbar.simapp_id", "{5996A8A0-A64B-11E2-BF51-001E33C1DC63}");

Deleted : user_pref("sweetim.toolbar.urls.afteruninstall", "hxxp://toolbar.sweetpacks.com/uninstallbar.asp?bar[...]

Deleted : user_pref("sweetim.toolbar.urls.contactus", "hxxp://www.perion.com/contact-us");

Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.[...]

Deleted : user_pref("sweetim.toolbar.urls.privacy", "hxxp://www.perion.com/privacy-policy");

Deleted : user_pref("sweetim.toolbar.urls.searchpage", "hxxp://start.sweetpacks.com/?barid=$toolbar_id;");

Deleted : user_pref("sweetim.toolbar.urls.uninstall", "hxxp://toolbar.sweetpacks.com/uninstall");

Deleted : user_pref("sweetim.toolbar.version", "1.12.0.0");

Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]

Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Opera v11.60.1185.0

File : C:\Users\Savannah\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [19738 octets] - [03/05/2013 17:05:51]

AdwCleaner[R2].txt - [19799 octets] - [03/05/2013 17:14:05]

AdwCleaner[s1].txt - [20032 octets] - [03/05/2013 17:14:21]

########## EOF - C:\AdwCleaner[s1].txt - [20093 octets] ##########


No, you don't need that...we can check your computer's security before you go:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC


Here it is.

Results of screen317's Security Check version 0.99.63

Windows Vista Service Pack 1 x86 (UAC is enabled)

Out of date service pack!!

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Norton 360

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.75.0.1300

Java 6 Update 6

Java version out of Date!

Adobe Flash Player 9 Flash Player out of Date!

Adobe Flash Player 11.6.602.180

Adobe Reader 9 Adobe Reader out of Date!

Mozilla Firefox (20.0.1)

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Windows Defender MSASCui.exe

Windows Defender MSASCui.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: %

````````````````````End of Log``````````````````````


Outdated programs on the system are vulnerable to malware.

Please update or uninstall them:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Windows Vista Service Pack 1 x86 (UAC is enabled)

Out of date service pack!! <---please visit Windows Update for this

--------------------------

Java™ 6 Update 6 <---please uninstall from your add/remove programs

Java version out of Date! <-------Download and install the latest version from Here

Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

Adobe Flash Player 9 Flash Player out of Date! <---please uninstall from add/remove programs

Adobe Flash Player 11.6.602.180 <---OK

Adobe Reader 9 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

-------------------------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.