Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

parasitic prog on pc. [Solved]

Started by jacksy , Jan 10 2012 02:28 PM

This topic is locked

#1
jacksy

Posted 10 January 2012 - 02:28 PM

Member

Member
15 posts

I recently used pc cleaner pro and was dismayed to see that it had infected my pc witha site called http://search conduit.com. This has taken over my home page and controls Internet Explorer. I deleted IE but no good. I also have another prog search. bearshare.com which has infected my pc. None of these were picked up by windows or AVG or Superantispyware.
Please can you assist in cleaning my pc.
thanks jacksy

#2
Gammo

Posted 14 January 2012 - 08:19 AM

Member 2k

Malware Removal
2,299 posts

Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below.

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Check the box that says Scan All Users.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

#3
jacksy

Posted 16 January 2012 - 12:49 PM

Member

Topic Starter
Member
15 posts

Have carried out your instructions and only 1 report has been produced which is copied to you.Please advise on follow up action
thanks Jacksy

OTL logfile created on: 16/01/2012 18:28:24 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User1\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.54% Memory free
1.85 Gb Paging File | 1.24 Gb Available in Paging File | 66.80% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 62.71 Gb Free Space | 84.16% Space Free | Partition Type: NTFS

Computer Name: HPCOMPAQ | User Name: User1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User1\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAAE.EXE (SEIKO EPSON CORPORATION)

========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (vToolbarUpdater) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

========== Driver Services (SafeList) ==========

DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (sfman) Creative SoundFont Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) Creative Interface Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) Creative SB Live! (WDM) -- C:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3106574
IE - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1894
FF - prefs.js..keyword.URL: "http://search.bearsh...&systemid=2&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/23 09:49:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/12 00:11:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/12 00:11:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/07/04 14:43:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\AVG\AVG2012\Thunderbird\ [2011/12/23 09:49:33 | 000,000,000 | ---D | M]

[2011/07/04 14:43:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User1\Application Data\Mozilla\Extensions
[2011/07/04 14:43:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User1\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/01/15 16:52:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\olqzqspx.default\extensions
[2012/01/10 00:02:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\olqzqspx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/15 16:52:41 | 000,000,000 | ---D | M] (PC-Helpsoft Community Toolbar) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\olqzqspx.default\extensions\{256db8bc-7da7-4248-97cd-44e07216b7f1}
[2010/12/21 19:44:49 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\olqzqspx.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2012/01/08 18:23:21 | 000,002,577 | ---- | M] () -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\olqzqspx.default\searchplugins\askcom.xml
[2010/09/14 12:41:12 | 000,002,506 | ---- | M] () -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\olqzqspx.default\searchplugins\BearShareWebSearch.xml
[2012/01/12 00:11:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/23 09:49:38 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011/12/21 07:42:18 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/21 05:14:26 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/12/18 17:20:31 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2010/09/14 12:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2011/12/21 05:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 05:14:26 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/12/21 05:14:26 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/12/21 05:14:26 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...&ctid=CT3106574
CHR - default_search_provider: suggest_url = http://search.conduit.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\User1\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Documents and Settings\User1\Application Data\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\User1\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\User1\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\User1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\plugins/avgnpss.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\User1\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Documents and Settings\User1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\

O1 HOSTS File: ([2006/02/28 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll File not found
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
O4 - HKLM..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus D68 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-984244069-2844614521-1043325133-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.1.66.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9788FE85-567A-40BA-ACD0-BAC05BACD203}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\User1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/14 21:22:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b1e54a8b-780d-11df-ab14-001617e08264}\Shell\AutoRun\command - "" = J:\WD_Windows_Tools\Setup.exe
O33 - MountPoints2\{e1189098-1da6-11e0-9b92-00e04d892a85}\Shell - "" = AutoRun
O33 - MountPoints2\{e1189098-1da6-11e0-9b92-00e04d892a85}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e1189098-1da6-11e0-9b92-00e04d892a85}\Shell\AutoRun\command - "" = I:\TVRadio.EXE
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/14 10:48:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2012/01/14 10:48:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2012/01/14 10:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2012/01/14 10:28:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/01/12 17:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Start Menu\Programs\Revo Uninstaller
[2012/01/12 17:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/01/09 20:01:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Application Data\Google
[2012/01/09 20:01:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2012/01/09 20:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/01/08 19:17:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/01/08 18:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/01/03 23:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Application Data\Curiolab
[2011/12/19 17:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Local Settings\Application Data\PC-Helpsoft
[2011/12/19 17:15:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Local Settings\Application Data\Conduit
[2011/12/19 17:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\PC-Helpsoft
[2011/12/18 17:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/16 18:05:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/16 18:02:00 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task d0f38dfd-76f1-4f38-9aec-adae08c9d6f6.job
[2012/01/16 17:45:00 | 086,821,660 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/01/16 17:41:10 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/16 17:41:06 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/16 17:40:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/15 17:01:04 | 000,073,956 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/01/14 21:44:36 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/01/14 21:44:36 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012/01/13 14:05:10 | 000,154,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/12 20:46:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/12 20:42:00 | 000,453,814 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/12 20:42:00 | 000,074,654 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/12 17:18:56 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\Revo Uninstaller.lnk
[2012/01/12 00:11:17 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\User1\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/12 00:11:17 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/08 18:36:13 | 000,656,658 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/01/08 18:33:13 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\sdasetup_revwire207[2].exe
[2012/01/08 17:58:50 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2012/01/08 17:52:57 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\User1\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/23 09:49:39 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/14 21:44:36 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2012/01/14 21:44:36 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012/01/12 17:18:56 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\Revo Uninstaller.lnk
[2012/01/12 00:11:16 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/09 21:54:24 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/09 20:00:53 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/09 20:00:52 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/08 18:36:07 | 000,656,658 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/01/08 18:33:14 | 000,512,992 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\sdasetup_revwire207[2].exe
[2012/01/08 18:02:45 | 000,000,510 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task d0f38dfd-76f1-4f38-9aec-adae08c9d6f6.job
[2012/01/08 17:58:50 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2011/09/07 17:13:22 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2011/09/07 17:06:52 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2011/06/04 09:50:46 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2011/06/04 09:11:24 | 000,112,831 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2011/06/04 09:11:24 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2011/01/27 19:03:35 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/12/28 12:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/12/15 15:58:56 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/11/24 17:22:20 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2010/11/11 17:52:25 | 000,507,904 | ---- | C] () -- C:\WINDOWS\Silent Hunter II remove.exe
[2010/10/27 02:35:40 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/10/27 02:35:40 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/07/09 18:40:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/07 22:38:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tsccStatus.dat
[2010/07/06 13:33:14 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/07/06 13:33:14 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/07/06 13:33:14 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010/06/15 08:01:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/06/14 22:43:27 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/06/14 22:43:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/06/14 22:36:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/14 22:36:44 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/14 22:08:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/14 22:07:21 | 000,154,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/14 21:24:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/14 21:19:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/09/09 07:28:22 | 002,515,656 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2006/08/16 23:52:54 | 000,223,990 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/02/28 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 12:00:00 | 000,453,814 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 12:00:00 | 000,074,654 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/11/14 16:44:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\fileops.dll
[2001/07/06 14:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/04/12 16:28:12 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2000/04/12 16:24:10 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1997/11/11 14:00:00 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2011/08/04 09:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2010/12/21 19:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\111E4
[2011/12/18 17:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/10/13 13:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/10/13 13:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/12/09 18:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/12/15 15:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/03/15 09:57:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/01/16 17:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/12/15 15:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MicroNEXT Driver
[2011/09/15 15:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/01/08 22:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2011/10/16 20:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\AVG
[2011/10/13 13:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\AVG Secure Search
[2011/10/13 13:24:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\AVG2012
[2010/12/21 20:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\bearsharemediabartb
[2012/01/03 23:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Curiolab
[2011/12/13 21:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Image Zone Express
[2010/06/14 23:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\ImgBurn
[2010/07/06 19:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\OpenOffice.org
[2010/07/16 19:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Orphée Développement
[2011/12/09 23:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\searchquband
[2011/03/14 06:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Template
[2011/07/04 14:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Thunderbird
[2010/06/14 23:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Windows Desktop Search
[2011/02/24 19:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Windows Search
[2012/01/16 18:02:00 | 000,000,510 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d0f38dfd-76f1-4f38-9aec-adae08c9d6f6.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:0B4227B4
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2

< End of report >

#4
Gammo

Posted 16 January 2012 - 01:01 PM

Member 2k

Malware Removal
2,299 posts

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3106574
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"
FF - prefs.js..keyword.URL: "http://search.bearshare.com/web?src=ffb&systemid=2&q="
[2012/01/15 16:52:41 | 000,000,000 | ---D | M] (PC-Helpsoft Community Toolbar) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\olqzqspx.default\extensions\{256db8bc-7da7-4248-97cd-44e07216b7f1}
[2010/12/21 19:44:49 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\olqzqspx.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2012/01/08 18:23:21 | 000,002,577 | ---- | M] () -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\olqzqspx.default\searchplugins\askcom.xml
[2010/09/14 12:41:12 | 000,002,506 | ---- | M] () -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\olqzqspx.default\searchplugins\BearShareWebSearch.xml
[2010/09/14 12:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
O2 - BHO: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.
O3 - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) - File not found
[2011/12/19 17:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Local Settings\Application Data\PC-Helpsoft
[2011/12/19 17:15:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Local Settings\Application Data\Conduit
[2011/12/19 17:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\PC-Helpsoft
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2010/12/21 19:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\111E4
[2010/12/21 20:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\bearsharemediabartb
[2011/12/09 23:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\searchquband

:Services

:Reg

:Files
ipconfig /flushdns /c
C:\PROGRA~1\BEARSH~1
C:\Program Files\BearShare Applications
c:\program files\ask.com

:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

#5
jacksy

Posted 16 January 2012 - 05:23 PM

Member

Topic Starter
Member
15 posts

Combo Fix log attached as requested. I have not used my pc yet so will advise you on this when I have checked it out .
Thank you very much for your help so far.
Jacksy

ComboFix 12-01-16.02 - User1 16/01/2012 23:11:22.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1496 [GMT 0:00]
Running from: c:\documents and settings\User1\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\User1\Application Data\HPSU_48BitScanUpdate.log
c:\documents and settings\User1\GoToAssistDownloadHelper.exe
c:\documents and settings\User1\WINDOWS
c:\program files\FilmFanaticEI
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\4a7a221f33560567.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\e44ea3259f2c6c3e.fb
.
.
((((((((((((((((((((((((( Files Created from 2011-12-16 to 2012-01-16 )))))))))))))))))))))))))))))))
.
.
2012-01-16 23:06 . 2012-01-16 23:06 -------- d-----w- c:\program files\AVG Secure Search
2012-01-16 22:41 . 2012-01-16 22:41 -------- d-----w- C:\_OTL
2012-01-14 21:44 . 2012-01-14 21:44 1409 ----a-w- c:\windows\QTFont.for
2012-01-14 10:48 . 2012-01-14 10:48 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2012-01-14 10:47 . 2012-01-14 10:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2012-01-14 10:28 . 2012-01-14 10:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-01-12 20:10 . 2011-04-29 19:07 852480 -c----w- c:\windows\system32\dllcache\vgx.dll
2012-01-12 17:18 . 2012-01-12 17:18 -------- d-----w- c:\program files\VS Revo Group
2012-01-12 00:11 . 2011-12-21 07:42 121816 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-01-12 00:11 . 2011-12-21 07:42 97240 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2012-01-12 00:11 . 2011-12-21 07:42 814040 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2012-01-12 00:11 . 2011-12-21 07:42 486360 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2012-01-12 00:11 . 2011-12-21 07:42 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-12 00:11 . 2011-12-21 07:42 2124760 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2012-01-12 00:11 . 2011-12-21 07:42 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2012-01-12 00:11 . 2011-12-21 04:29 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-12 00:11 . 2011-12-21 04:29 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-12 00:11 . 2011-12-21 04:29 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-12 00:11 . 2011-12-21 04:29 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-01-12 00:11 . 2011-12-21 04:29 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-01-11 23:35 . 2011-12-21 07:42 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2012-01-09 20:00 . 2012-01-09 20:01 -------- d-----w- c:\program files\Google
2012-01-08 18:33 . 2012-01-08 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-01-03 23:27 . 2012-01-03 23:27 -------- d-----w- c:\documents and settings\User1\Application Data\Curiolab
2011-12-20 10:01 . 2011-12-20 10:01 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-18 17:21 . 2011-12-18 17:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-10 18:44 . 2011-12-06 21:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2006-02-28 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2006-02-28 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2006-02-28 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2006-02-28 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2006-02-28 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-03 15:28 . 2006-02-28 12:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2006-02-28 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 20:35 . 2010-06-14 23:06 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-11-01 20:35 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2011-11-01 20:35 . 2006-02-28 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-11-01 16:07 . 2006-02-28 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-11-01 15:02 . 2006-02-28 12:00 369664 ----a-w- c:\windows\system32\html.iec
2011-10-28 05:31 . 2006-02-28 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2006-02-28 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-21 07:42 . 2012-01-12 00:11 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-16 23:06 1574240 ----a-w- c:\program files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll" [2012-01-16 1574240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"EPSON Stylus D68 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE" [2005-01-25 98304]
"EPSON Stylus D68 Series (Copy 2)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE" [2005-01-25 98304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-16 892768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11/07/2011 00:14 23120]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/07/2011 00:14 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 16:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 21:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/08/2011 23:38 116608]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 05:09 192776]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [16/01/2012 23:06 869216]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [09/01/2012 20:00 136176]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 09:58 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [09/01/2012 20:00 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-09 20:00]
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-09 20:00]
.
2012-01-16 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d0f38dfd-76f1-4f38-9aec-adae08c9d6f6.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3106574
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\User1\Application Data\Mozilla\Firefox\Profiles\olqzqspx.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-BearShare MediaBar - c:\program files\BearShare Applications\MediaBar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-16 23:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(848)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2012-01-16 23:16:28
ComboFix-quarantined-files.txt 2012-01-16 23:16
.
Pre-Run: 67,865,227,264 bytes free
Post-Run: 67,814,797,312 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 7C136CFEBF98DA3D91C551AA1B26265C

#6
Gammo

Posted 16 January 2012 - 05:28 PM

Member 2k

Malware Removal
2,299 posts

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3106574

Then click the Run Fix button at the top
Let the program run unhindered.

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

#7
jacksy

Posted 16 January 2012 - 06:14 PM

Member

Topic Starter
Member
15 posts

Have carried out the scan with MAM and attach result.
Cheked the pc and when I clic Internet Explorer search conduit.com is still there, I removed IE so this has taken over and has not been removed yet. Persistent little buggar.
thanks Jacksy

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.16.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
User1 :: HPCOMPAQ [administrator]

16/01/2012 23:59:36
mbam-log-2012-01-16 (23-59-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 160117
Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8
Gammo

Posted 17 January 2012 - 05:05 AM

Member 2k

Malware Removal
2,299 posts

Conduit is not even real malware, just (very) unwanted software. It shouldn't be so stubborn.

Delete your copy of OTL.exe from the desktop.

Then download the latest version of OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Check the box that says Scan All Users.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open a notepad windows. OTL.Txt. This is saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post them in your topic.

#9
jacksy

Posted 17 January 2012 - 08:00 AM

Member

Topic Starter
Member
15 posts

Copy of latest report as per instructions. Thank you Jacksy

OTL logfile created on: 17/01/2012 13:53:57 - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 71.87% Memory free
1.85 Gb Paging File | 1.43 Gb Available in Paging File | 77.29% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 63.11 Gb Free Space | 84.69% Space Free | Partition Type: NTFS

Computer Name: HPCOMPAQ | User Name: User1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User1\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (helpsvc) -- File not found
SRV - (vToolbarUpdater) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe ()
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

========== Driver Services (SafeList) ==========

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (sfman) Creative SoundFont Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) Creative Interface Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) Creative SB Live! (WDM) -- C:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3106574
IE - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.co.uk/"
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1894

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/23 09:49:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/12 00:11:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/12 00:11:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/07/04 14:43:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/07/04 14:43:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User1\Application Data\Mozilla\Extensions
[2011/07/04 14:43:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User1\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/01/16 22:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\olqzqspx.default\extensions
[2012/01/10 00:02:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User1\Application Data\Mozilla\Firefox\Profiles\olqzqspx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/12 00:11:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/23 09:49:38 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011/12/21 07:42:18 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/21 05:14:26 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/16 23:06:05 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/12/21 05:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 05:14:26 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/12/21 05:14:26 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/12/21 05:14:26 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...&ctid=CT3106574
CHR - default_search_provider: suggest_url = http://search.conduit.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\User1\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Documents and Settings\User1\Application Data\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\User1\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\User1\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\User1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\plugins/avgnpss.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\User1\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Documents and Settings\User1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\

O1 HOSTS File: ([2012/01/16 23:15:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus D68 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-984244069-2844614521-1043325133-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.1.66.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9788FE85-567A-40BA-ACD0-BAC05BACD203}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\User1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/14 21:22:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/17 13:51:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User1\Desktop\OTL(1).exe
[2012/01/16 23:58:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/16 23:58:22 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/16 23:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/16 23:58:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/16 23:37:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/16 23:16:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/01/16 23:10:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/16 23:08:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/16 23:08:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/16 23:08:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/16 23:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/01/16 22:54:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/16 22:54:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/16 22:53:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/16 22:53:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User1\Start Menu\Programs\Administrative Tools
[2012/01/16 22:49:14 | 004,385,658 | R--- | C] (Swearware) -- C:\Documents and Settings\User1\Desktop\ComboFix.exe
[2012/01/16 22:41:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/14 10:48:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2012/01/14 10:48:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2012/01/14 10:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2012/01/14 10:28:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/01/12 17:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Start Menu\Programs\Revo Uninstaller
[2012/01/12 17:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/01/09 20:01:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Application Data\Google
[2012/01/09 20:01:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2012/01/09 20:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/01/08 19:17:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/01/08 18:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/01/03 23:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User1\Application Data\Curiolab
[2011/12/18 17:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search

========== Files - Modified Within 30 Days ==========

[2012/01/17 13:51:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User1\Desktop\OTL(1).exe
[2012/01/17 13:34:03 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/17 13:33:35 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/17 13:33:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/17 00:05:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/16 23:58:23 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/16 23:15:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/16 23:10:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/16 22:49:36 | 004,385,658 | R--- | M] (Swearware) -- C:\Documents and Settings\User1\Desktop\ComboFix.exe
[2012/01/16 18:02:00 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task d0f38dfd-76f1-4f38-9aec-adae08c9d6f6.job
[2012/01/16 17:45:00 | 086,821,660 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/01/15 17:01:04 | 000,073,956 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/01/14 21:44:36 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/01/14 21:44:36 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012/01/13 14:05:10 | 000,154,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/12 20:46:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/12 20:42:00 | 000,453,814 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/12 20:42:00 | 000,074,654 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/12 17:18:56 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\Revo Uninstaller.lnk
[2012/01/12 00:11:17 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\User1\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/12 00:11:17 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/08 18:36:13 | 000,656,658 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/01/08 18:33:13 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\User1\Desktop\sdasetup_revwire207[2].exe
[2012/01/08 17:58:50 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2012/01/08 17:52:57 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\User1\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/23 09:49:39 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk

========== Files Created - No Company Name ==========

[2012/01/16 23:58:23 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/16 23:10:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/16 23:10:24 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/16 23:08:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/16 23:08:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/16 23:08:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/16 22:54:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/16 22:54:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/14 21:44:36 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2012/01/14 21:44:36 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012/01/12 17:18:56 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\Revo Uninstaller.lnk
[2012/01/12 00:11:16 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/09 21:54:24 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/09 20:00:53 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/09 20:00:52 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/08 18:36:07 | 000,656,658 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/01/08 18:33:14 | 000,512,992 | ---- | C] () -- C:\Documents and Settings\User1\Desktop\sdasetup_revwire207[2].exe
[2012/01/08 18:02:45 | 000,000,510 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task d0f38dfd-76f1-4f38-9aec-adae08c9d6f6.job
[2012/01/08 17:58:50 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2011/09/07 17:13:22 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2011/09/07 17:06:52 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2011/06/04 09:50:46 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2011/06/04 09:11:24 | 000,112,831 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2011/06/04 09:11:24 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2011/01/27 19:03:35 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/12/28 12:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/12/15 15:58:56 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/11/24 17:22:20 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2010/11/11 17:52:25 | 000,507,904 | ---- | C] () -- C:\WINDOWS\Silent Hunter II remove.exe
[2010/10/27 02:35:40 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/10/27 02:35:40 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/07/09 18:40:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/07 22:38:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tsccStatus.dat
[2010/07/06 13:33:14 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/07/06 13:33:14 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/07/06 13:33:14 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010/06/15 08:01:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/06/14 22:43:27 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/06/14 22:43:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/06/14 22:36:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/14 22:36:44 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/14 22:08:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/14 22:07:21 | 000,154,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/14 21:24:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/14 21:19:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/09/09 07:28:22 | 002,515,656 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2006/08/16 23:52:54 | 000,223,990 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/02/28 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 12:00:00 | 000,453,814 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 12:00:00 | 000,074,654 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/11/14 16:44:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\fileops.dll
[2001/07/06 14:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/04/12 16:28:12 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2000/04/12 16:24:10 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1997/11/11 14:00:00 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2011/08/04 09:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/12/18 17:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/10/13 13:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/10/13 13:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/12/09 18:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/12/15 15:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/03/15 09:57:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/01/17 09:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/12/15 15:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MicroNEXT Driver
[2011/09/15 15:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/10/16 20:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\AVG
[2011/10/13 13:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\AVG Secure Search
[2011/10/13 13:24:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\AVG2012
[2012/01/03 23:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Curiolab
[2011/12/13 21:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Image Zone Express
[2010/06/14 23:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\ImgBurn
[2010/07/06 19:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\OpenOffice.org
[2010/07/16 19:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Orphée Développement
[2011/03/14 06:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Template
[2011/07/04 14:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Thunderbird
[2010/06/14 23:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Windows Desktop Search
[2011/02/24 19:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User1\Application Data\Windows Search
[2012/01/16 18:02:00 | 000,000,510 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d0f38dfd-76f1-4f38-9aec-adae08c9d6f6.job

========== Purity Check ==========

< End of report >

#10
Gammo

Posted 17 January 2012 - 08:18 AM

Member 2k

Malware Removal
2,299 posts

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKU\S-1-5-21-984244069-2844614521-1043325133-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3106574

:Reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.nl/"

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done

Does this fix the IE homepage?

#11
jacksy

Posted 17 January 2012 - 10:30 AM

Member

Topic Starter
Member
15 posts

When I click IE I still get search conduit come up, so still not solved. Copy of scan log enclosed.
Thanks Jacksy

========== OTL ==========
HKU\S-1-5-21-984244069-2844614521-1043325133-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
========== REGISTRY ==========
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\"Start Page"|"http://www.google.nl/" /E : value set successfully!

OTL by OldTimer - Version 3.2.31.0 log created on 01172012_162230

#12
Gammo

Posted 17 January 2012 - 10:41 AM

Member 2k

Malware Removal
2,299 posts

Please download this file: http://go.microsoft....?linkid=9646978
Make sure Internet Explorer is closed.
Then run the file you've just downloaded.
Just follow the on-screen instructions.
Make sure that you check "Delete personal settings" (if you come across it).

After doing the above, restart Internet Explorer.
Did that fix it?

#13
jacksy

Posted 17 January 2012 - 11:25 AM

Member

Topic Starter
Member
15 posts

Followed your advice and the following occured:
This Microsoft Fix It does not apply to your operating system or application version.
Thanks Jacksy

#14
Gammo

Posted 17 January 2012 - 11:31 AM

Member 2k

Malware Removal
2,299 posts

#15
jacksy

Posted 17 January 2012 - 12:13 PM

Member

Topic Starter
Member
15 posts

Tried to follow your advice, after clic Advanced cannot find Reset IE settings etc so unable to complete.Search conduit .com still comes up when I clic IE.
thanks Jacksy