Sarith

  1. Hi Mr C, please find the contents of the log.txt

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=38339371aa53d04dad3d57c399323bd5
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2012-10-01 11:13:03
     # local_time=2012-10-01 09:13:03 (+1000, AUS Eastern Standard Time)
     # country="Australia"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=246941
     # found=4
     # cleaned=3
     # scan_time=5585
     C:\Documents and Settings\Administrator\Local Settings\Temp\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Documents and Settings\Administrator\My Documents\Downloads\winscp429setup.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Documents and Settings\Administrator\My Documents\Downloads\YontooSetup.exe multiple threats (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     ${Memory} probably a variant of Win32/Ponmocup.AA trojan 00000000000000000000000000000000 I
  2. Yes MrC. I couldn't do the instructions as per the previous thread since I had a family emergency. Will try to do tomorrow or Monday. Thanks.
  3. I tried all the steps you mentioned for browsers and restarted the machine before testing. The issue still exists. For example, I searched for Google Maps in IE and it worked. Then I searched for Kevin Pieterson and it was redirected. Then, when I searched for Google Maps again, it also got redirected. It is very unpredictable behaviour.
  4. Just found out there are some sites redirecting in Firefox as well.
  5. Hi MrC. It seems that the issue no longer exists for Firefox. But IE and Chrome still redirect to bogus sites. Thanks.
  6. Hi Mr C, I ran the AdwCleaner as per your instructions. Please find the contents of the log file.
  7. Thanks MrC. Please find the log file

     # AdwCleaner v2.003 - Logfile created 09/25/2012 at 21:46:33
     # Updated 23/09/2012 by Xplode
     # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
     # User : Sarith - Sarith
     # Boot Mode : Normal
     # Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
     # Option [search]

     ***** [services] *****

     ***** [Files / Folders] *****
     File Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\searchplugins\Askcom.xml
     File Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\searchplugins\Conduit.xml
     Folder Found : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{c34bfb11-eff0-4123-a7a5-79051ef24cf5}
     Folder Found : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AskSearch
     Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\ConduitCommon
     Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\CT3080215
     Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\{c34bfb11-eff0-4123-a7a5-79051ef24cf5}
     Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
     Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\figdphohhlffelolcabcjpikobidapnk
     Folder Found : C:\Documents and Settings\All Users\Application Data\blekko toolbars
     Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer
     Folder Found : C:\Program Files\Conduit

     ***** [Registry] *****
     Key Found : HKCU\Software\Conduit
     Key Found : HKCU\Software\ConduitSearchScopes
     Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
     Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
     Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
     Key Found : HKLM\SOFTWARE\Classes\S
     Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3080215
     Key Found : HKLM\Software\Conduit
     Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\figdphohhlffelolcabcjpikobidapnk
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
     Key Found : HKLM\Software\Tarma Installer
     Key Found : HKU\S-1-5-21-2894953097-1353061633-2067263066-500\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
     Key Found : HKU\S-1-5-21-2894953097-1353061633-2067263066-500\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
     Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

     ***** [internet Browsers] *****

     -\\ Internet Explorer v8.0.6001.18702
     [OK] Registry is clean.

     -\\ Mozilla Firefox v15.0.1 (en-US)
     Profile name : default
     File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\prefs.js
     Found : user_pref("CT3080215..clientLogIsEnabled", false);
     Found : user_pref("CT3080215..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
     Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
     Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
     Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
     Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
     Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
     Found : user_pref("CommunityToolbar.notifications.userId", "fcea96d6-2dfb-4107-b84d-cd7afc1f4cc2");
     Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.ask.com/?l=dis&o=15087");
     Found : user_pref("CommunityToolbar.originalSearchEngine", "Ask.com");
     Found : user_pref("browser.search.defaultengine", "Ask.com");
     Found : user_pref("browser.search.defaultenginename", "Blekko");
     Found : user_pref("browser.search.defaultthis.engineName", "ChatVibes.com Customized Web Search");
     Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3080215&Sea[...]
     Found : user_pref("browser.search.order.1", "Blekko");
     Found : user_pref("browser.search.selectedEngine", "ChatVibes.com Customized Web Search");
     Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3080215&SearchSource=13");
     Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3080215&SearchSource=2&q=[...]

     -\\ Google Chrome v21.0.1180.89
     File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
     [OK] File is clean.

     *************************
     AdwCleaner[R1].txt - [27725 octets] - [25/09/2012 21:46:33]
     ########## EOF - C:\AdwCleaner[R1].txt - [27786 octets] ##########
  8. It has affected all the browsers: IE, Firefox and Google Chrome, and I am on a wireless network. I have followed the instructions in your post, but Kaspersky TDSSKiller hasn't found any threats. What do I do now?
  9. Thanks. I have uninstalled Yontoo and ran the RogueKiller. Please find the report below.

     RogueKiller V8.0.5 [09/23/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com

     Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
     Started in : Normal mode
     User : sarith [Admin rights]
     Mode : Scan -- Date : 09/24/2012 17:08:18

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 4 ¤¤¤
     [RUN][bLACKLIST DLL] HKLM\[...]\Run : AdslTaskBar (rundll32.exe stmctrl.dll,TaskBar) -> FOUND
     [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (proxy7.au.ibm.com:8080) -> FOUND
     [HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [LOADED] ¤¤¤
     SSDT[12] : NtAlertResumeThread @ 0x80637C36 -> HOOKED (Unknown @ 0x861BA7A8)
     SSDT[13] : NtAlertThread @ 0x80592EFA -> HOOKED (Unknown @ 0x861E39D0)
     SSDT[17] : NtAllocateVirtualMemory @ 0x80570BC5 -> HOOKED (Unknown @ 0x861C92C8)
     SSDT[31] : NtConnectPort @ 0x80590C5B -> HOOKED (Unknown @ 0x86E759A0)
     SSDT[43] : NtCreateMutant @ 0x80580B62 -> HOOKED (Unknown @ 0x861BD520)
     SSDT[53] : NtCreateThread @ 0x805860C0 -> HOOKED (Unknown @ 0x873608A0)
     SSDT[83] : NtFreeVirtualMemory @ 0x805710BF -> HOOKED (Unknown @ 0x86EA3A50)
     SSDT[89] : NtImpersonateAnonymousToken @ 0x8059BB5D -> HOOKED (Unknown @ 0x861BE5D8)
     SSDT[91] : NtImpersonateThread @ 0x805874C1 -> HOOKED (Unknown @ 0x861BE698)
     SSDT[108] : NtMapViewOfSection @ 0x8057AA19 -> HOOKED (Unknown @ 0x8630D7A8)
     SSDT[114] : NtOpenEvent @ 0x80589B69 -> HOOKED (Unknown @ 0x861BD460)
     SSDT[123] : NtOpenProcessToken @ 0x805784F6 -> HOOKED (Unknown @ 0x861E0D78)
     SSDT[129] : NtOpenThreadToken @ 0x805746D2 -> HOOKED (Unknown @ 0x86E16788)
     SSDT[143] : NtQueryDefaultLocale @ 0x8056F0D0 -> HOOKED (\SystemRoot\SYSTEM32\Drivers\SysPlant.sys @ 0xA8664280)
     SSDT[206] : NtResumeThread @ 0x80586737 -> HOOKED (Unknown @ 0x86EC65E8)
     SSDT[213] : NtSetContextThread @ 0x8063629D -> HOOKED (Unknown @ 0x86E11448)
     SSDT[228] : NtSetInformationProcess @ 0x80574B1F -> HOOKED (Unknown @ 0x86E45958)
     SSDT[229] : NtSetInformationThread @ 0x80576ABD -> HOOKED (Unknown @ 0x86E0FAF0)
     SSDT[253] : NtSuspendProcess @ 0x80637B7B -> HOOKED (Unknown @ 0x86301638)
     SSDT[254] : NtSuspendThread @ 0x80637A97 -> HOOKED (Unknown @ 0x863052A8)
     SSDT[257] : NtTerminateProcess @ 0x8058E6B9 -> HOOKED (Unknown @ 0x861CF258)
     SSDT[258] : NtTerminateThread @ 0x80582DD9 -> HOOKED (Unknown @ 0x863072A8)
     SSDT[267] : NtUnmapViewOfSection @ 0x8057A5A1 -> HOOKED (Unknown @ 0x86E74E08)
     SSDT[277] : NtWriteVirtualMemory @ 0x805873F6 -> HOOKED (Unknown @ 0x861BA5A8)
     S_SSDT[383] : Unknown -> HOOKED (Unknown @ 0x8527C870)

     ¤¤¤ Extern Hives: ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\WINDOWS\system32\drivers\etc\hosts
     127.0.0.1 localhost

     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: ST9320423AS +++++
     --- User ---
     [MBR] 6ef1986258f13a7888f4882ee11d1531
     [bSP] 262d882bbd56478772a4954539ceaa59 : MBR Code unknown
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[1].txt >>
     RKreport[1].txt

     Sarith
  10. As per the instruction, I ran "dds.scr". Please find the attached files dds.txt and attach.txt. Thanks.
  11. Hope you can assist me with the issue I have on my machine. My computer has been infected since last week. Whenever I search using any browser (Mozilla, IE, Chrome), search results are redirected to bogus web sites. I have tried solutions from the web without any success. I have also installed Malwarebytes 1.65.0.1400 and performed a full scan. After the scan, it quarantined some files, yet I still have the problem. Can you please kindly let me know how to solve this issue? Thank you in advance.