Jump to content

Homepage problem, keeps redirecting, DDS log

zma1013

By zma1013
in Resolved Malware Removal Logs

 Share

Recommended Posts

zma1013

zma1013

Posted
Posted

So this computer had some problems with pop-ups and a homepage which refused to change.  It's stuck on something called "dosearch."  I ran MBAM and it got rid of the pop up but the homepage is still broken on Internet Explorer.  Here is are the DDS logs.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by pmoore at 11:31:33 on 2013-11-20
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.287 [GMT -5:00]
.
AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\ImageMate CompactFlash USB\SandIcon.Exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.













uURLSearchHooks: Productivity 1.12 Toolbar: {30421e54-3b57-4e5b-947c-9b6beea57683} - c:\program files\productivity_1.12\prxtbPro0.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Productivity 1.12 Toolbar: {30421e54-3b57-4e5b-947c-9b6beea57683} - c:\program files\productivity_1.12\prxtbPro0.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
TB: Productivity 1.12 Toolbar: {30421E54-3B57-4E5B-947C-9B6BEEA57683} - c:\program files\productivity_1.12\prxtbPro0.dll
TB: Copernic Agent: {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - c:\program files\copernic agent\CopernicAgentExt.dll
TB: Productivity 1.12 Toolbar: {30421e54-3b57-4e5b-947c-9b6beea57683} - c:\program files\productivity_1.12\prxtbPro0.dll
EB: Copernic Agent Results: {6F480F82-C3A6-4D35-96F7-B297AD49FBE8} - c:\program files\copernic agent\CopernicAgentExt.dll
EB: Copernic Agent: {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - c:\program files\copernic agent\CopernicAgentExt.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DriverCure] c:\program files\paretologic\drivercure\DriverCure.exe -scan
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_01\bin\jusched.exe"
mRun: [sandIcon] c:\imagemate compactflash usb\SandIcon.Exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\avp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoWelcomeScreen = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\ie_banner_deny.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - c:\progra~1\copern~1\COPERN~1.EXE
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6}
IE: {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - c:\progra~1\copern~1\COPERN~1.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe






TCP: NameServer = 192.168.0.253 63.90.67.10
TCP: Interfaces\{114884BB-4637-4EA4-ADAC-6156BAA33643} : DHCPNameServer = 192.168.0.253 63.90.67.10
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\program files\copernic agent\CopernicAgentExt.dll
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\program files\copernic agent\CopernicAgentExt.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs= c:\progra~1\kasper~1\kasper~1.0fo\adialhk.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\pmoore\application data\mozilla\firefox\profiles\mie1mfn2.default\
FF - prefs.js: browser.startup.homepage - www.cnn.com
FF - ExtSQL: 2013-10-21 08:28; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-7-18 112144]
R1 klif;Klif;c:\windows\system32\drivers\klif.sys [2007-11-9 201504]
R2 AVP;Kaspersky Anti-Virus 6.0;c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\avp.exe [2007-11-19 231952]
R2 HPFECP12;HPFECP12;c:\windows\system32\drivers\HPFecp12.sys [1998-10-19 52800]
R2 klnagent;Kaspersky Network Agent;c:\program files\kaspersky lab\networkagent\klnagent.exe [2008-9-22 94544]
R2 LogWatch;Event Log Watch;c:\windows\LogWatNT.exe [2000-6-7 50176]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-5-30 24344]
.
=============== Created Last 30 ================
.
2013-11-12 16:09:02    --------    d-----w-    c:\documents and settings\pmoore\application data\PriceGong
2013-11-12 14:38:49    --------    d-----w-    c:\documents and settings\pmoore\application data\Malwarebytes
2013-11-12 14:38:35    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2013-11-12 14:38:31    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-11-12 14:38:31    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-11-06 18:41:27    --------    d-----w-    c:\documents and settings\all users\application data\eSafe
2013-11-06 18:38:30    --------    d-----w-    c:\documents and settings\pmoore\application data\iPumper
2013-10-24 10:26:24    --------    d-----w-    c:\program files\MyPC Backup
2013-10-24 10:22:23    --------    d-----w-    c:\documents and settings\pmoore\application data\Systweak
.
==================== Find3M  ====================
.
2013-10-13 07:25:38    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-10-13 07:25:08    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-10-13 07:25:02    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-10-13 07:24:17    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-10-13 06:57:59    385024    ----a-w-    c:\windows\system32\html.iec
2013-10-12 15:56:19    278528    ----a-w-    c:\windows\system32\oakley.dll
2013-10-09 13:12:48    287744    ----a-w-    c:\windows\system32\gdi32.dll
2013-10-07 10:59:21    603136    ----a-w-    c:\windows\system32\crypt32.dll
2013-10-05 01:14:01    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
2013-08-29 01:31:44    1878656    ----a-w-    c:\windows\system32\win32k.sys
.
============= FINISH: 11:37:42.24 ===============
 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/5/2006 9:48:29 AM
System Uptime: 11/20/2013 9:03:56 AM (2 hours ago)
.
Motherboard: Dell Inc.           |  | 0WG233
Processor:               Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 54.604 GiB free.
D: is CDROM ()
H: is NetworkDisk (NTFS) - 235 GiB total, 158.238 GiB free.
P: is NetworkDisk (NTFS) - 235 GiB total, 158.238 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Parallel Device
Device ID: ROOT\LEGACY_HPFECP12\0000
Manufacturer:
Name: Parallel Device
PNP Device ID: ROOT\LEGACY_HPFECP12\0000
Service: HPFECP12
.
==== System Restore Points ===================
.
RP1219: 8/23/2013 8:35:36 AM - System Checkpoint
RP1220: 8/26/2013 2:38:01 AM - System Checkpoint
RP1221: 8/27/2013 2:38:47 AM - System Checkpoint
RP1222: 8/28/2013 3:44:17 AM - System Checkpoint
RP1223: 8/28/2013 8:00:15 AM - Software Distribution Service 3.0
RP1224: 8/29/2013 8:25:21 AM - System Checkpoint
RP1225: 9/3/2013 2:34:43 AM - System Checkpoint
RP1226: 9/4/2013 2:38:29 AM - System Checkpoint
RP1227: 9/5/2013 3:24:02 AM - System Checkpoint
RP1228: 9/6/2013 4:00:27 AM - System Checkpoint
RP1229: 9/9/2013 2:41:20 AM - System Checkpoint
RP1230: 9/10/2013 3:24:26 AM - System Checkpoint
RP1231: 9/11/2013 4:25:04 AM - System Checkpoint
RP1232: 9/12/2013 4:58:02 AM - System Checkpoint
RP1233: 9/12/2013 8:00:15 AM - Software Distribution Service 3.0
RP1234: 9/16/2013 2:37:34 AM - System Checkpoint
RP1235: 9/17/2013 3:24:30 AM - System Checkpoint
RP1236: 9/18/2013 4:54:26 AM - System Checkpoint
RP1237: 9/19/2013 5:30:19 AM - System Checkpoint
RP1238: 9/20/2013 6:44:03 AM - System Checkpoint
RP1239: 9/23/2013 2:36:11 AM - System Checkpoint
RP1240: 9/24/2013 2:37:59 AM - System Checkpoint
RP1241: 9/25/2013 4:54:11 AM - System Checkpoint
RP1242: 9/26/2013 7:37:26 AM - System Checkpoint
RP1243: 9/30/2013 2:37:20 AM - System Checkpoint
RP1244: 10/1/2013 4:17:50 AM - System Checkpoint
RP1245: 10/2/2013 4:25:29 AM - System Checkpoint
RP1246: 10/3/2013 4:49:26 AM - System Checkpoint
RP1247: 10/4/2013 5:25:44 AM - System Checkpoint
RP1248: 10/7/2013 2:39:31 AM - System Checkpoint
RP1249: 10/8/2013 2:39:55 AM - System Checkpoint
RP1250: 10/9/2013 3:36:17 AM - System Checkpoint
RP1251: 10/9/2013 8:00:16 AM - Software Distribution Service 3.0
RP1252: 10/10/2013 8:23:08 AM - System Checkpoint
RP1253: 10/11/2013 8:36:44 AM - System Checkpoint
RP1254: 10/14/2013 2:33:38 AM - System Checkpoint
RP1255: 10/15/2013 2:44:10 AM - System Checkpoint
RP1256: 10/16/2013 3:42:35 AM - System Checkpoint
RP1257: 10/17/2013 4:27:21 AM - System Checkpoint
RP1258: 10/17/2013 8:00:15 AM - Software Distribution Service 3.0
RP1259: 10/17/2013 9:19:03 AM - Printer Driver Microsoft XPS Document Writer Installed
RP1260: 10/21/2013 2:36:20 AM - System Checkpoint
RP1261: 10/21/2013 8:00:16 AM - Software Distribution Service 3.0
RP1262: 10/22/2013 8:24:23 AM - System Checkpoint
RP1263: 10/23/2013 8:42:37 AM - System Checkpoint
RP1264: 10/24/2013 9:36:00 AM - System Checkpoint
RP1265: 10/28/2013 4:46:48 AM - System Checkpoint
RP1266: 10/29/2013 5:34:09 AM - System Checkpoint
RP1267: 10/30/2013 5:50:07 AM - System Checkpoint
RP1268: 10/31/2013 6:56:44 AM - System Checkpoint
RP1269: 11/4/2013 2:36:24 AM - System Checkpoint
RP1270: 11/5/2013 2:39:19 AM - System Checkpoint
RP1271: 11/6/2013 2:40:23 AM - System Checkpoint
RP1272: 11/7/2013 3:14:49 AM - System Checkpoint
RP1273: 11/8/2013 3:37:23 AM - System Checkpoint
RP1274: 11/11/2013 2:55:12 AM - System Checkpoint
RP1275: 11/12/2013 5:35:56 AM - System Checkpoint
RP1276: 11/12/2013 6:38:44 AM - Removed Pervasive PSQL v10 SP2 Client (32-bit).
RP1277: 11/13/2013 7:52:04 AM - System Checkpoint
RP1278: 11/13/2013 8:00:16 AM - Software Distribution Service 3.0
RP1279: 11/14/2013 8:50:54 AM - System Checkpoint
RP1280: 11/18/2013 6:38:23 AM - System Checkpoint
RP1281: 11/19/2013 6:56:17 AM - System Checkpoint
RP1282: 11/20/2013 10:00:54 AM - System Checkpoint
.
==== Installed Programs ======================
.
Access2000Runtime
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2
ArcSoft PhotoImpression 6
ArcSoft Print Creations
Broadcom Advanced Control Suite
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Copernic Agent Basic
EPSON Printer Software
gsimple 2.05
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP DeskJet 880C Series (Remove only)
HP PhotoSmart C200 Photo Imaging Software
HP PhotoSmart Photo Printing Software
ImageMate CompactFlash USB (SDDR-31) Ver. 5.04
Intel® Graphics Media Accelerator Driver
IscarSetup
J2SE Runtime Environment 5.0 Update 10
Java 2 Runtime Environment, SE v1.4.2_03
Java 6 Update 5
Kaspersky Anti-Virus 6.0 for Windows Workstations
Kaspersky Network Agent
LAN-Fax Utilities
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Access 2000 Runtime
Microsoft Application Error Reporting
Microsoft Office 2000 Small Business
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
Pervasive PSQL v10 SP2 Client (32-bit)
PictureMate User's Guide
PrintKey2000
Productivity 1.12 Toolbar
Seagate Crystal Reports 7 Distributed Reports
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB2803821)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Ulead Photo Explorer 4.2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
11/13/2013 7:52:55 AM, error: NETLOGON [5719]  - No Domain Controller is available for domain helmick due to the following:  The RPC server is unavailable. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
.
==== End Of File ===========================
 

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Hello zma1013! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please uninstall this application: Productivity 1.12 Toolbar

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
  • Step 4
    • Launch Malwarebytes' Anti-Malware
    • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
    • Go to Scanner tab and select Perform Quick Scan, then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

    In your next reply, post the following log files:

    • Junkware Removal Tool log
    • AdwCleaner log
    • Malwarebytes' Anti-Malware log
Link to post
Share on other sites
zma1013

zma1013

Posted
  • Author
Posted

Okay, I finally got to run all the scans.  I ran the ADW scan and it founds and removed some things but it did not produce a log afterwards.  Cant find it anywhere on the system and when I start the program back up, the log option is greyed out.  MBAM found nothing.  The only log to show is the Junkware removal tool below.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by pmoore on Wed 11/20/2013 at 14:44:54.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\esafeseccontrol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422412252}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660466416652}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2866439
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660466416652}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\system32\conduitengine.tmp"
Successfully deleted: [File] "C:\end"
Successfully disinfected: [shortcut] C:\Documents and Settings\pmoore\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Successfully disinfected: [shortcut] C:\Documents and Settings\pmoore\start menu\Programs\Internet Explorer.lnk
Successfully disinfected: [shortcut] C:\Documents and Settings\pmoore\start menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Successfully disinfected: [shortcut] C:\Documents and Settings\pmoore\desktop\Internet Explorer.lnk



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\drivercure"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\esafe"
Successfully deleted: [Folder] "C:\Documents and Settings\pmoore\Application Data\drivercure"
Successfully deleted: [Folder] "C:\Documents and Settings\pmoore\Application Data\pricegong"
Successfully deleted: [Folder] "C:\Documents and Settings\pmoore\Application Data\systweak"
Successfully deleted: [Folder] "C:\Documents and Settings\pmoore\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\mypc backup"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/20/2013 at 14:54:08.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

I ran the ADW scan and it founds and removed some things but it did not produce a log afterwards.

Did you take a look here?

You can find the logfile at C:\AdwCleaner[s1].txt as well.

Please post your Malwarebytes' Anti-Malware log and let me know how are things there now.

Link to post
Share on other sites
  • 3 weeks later...
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.